[pmwiki-users] MailPoet Virus -- eeps

Petko Yotov 5ko at 5ko.fr
Thu Jul 24 17:35:14 CDT 2014


Sandy writes:
> http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin- 
> backdoors-sites-running-joomla-magento-too/
...
> Can you reassure us that PmWiki.org has proper fences,

Yes, the server account containing the pmwiki.org website is separate from  
other accounts with other websites. If another website on the same server is  
compromized, the pmwiki.org site shouldn't be.

> and the scripts there are clean? (Knowing Pm, I think it's good, but want

Yes, as far as we know the scripts that *run* on pmwiki.org are clean.

Files uploaded to the Cookbook by pseudonymous users might potentially  
contain exploits. That's why I advise cookbook writers, if possible to  
provide their files both uploaded to pmwiki.org and linked to read-only  
copies on their own wikis.

That said, recently uploaded files are easily monitored in AllRecentChanges  
and can be reviewed/deleted in case of problems. All existing older files  
were scanned and reviewed a few months ago for potential viruses and  
exploits, so again, AFAIK even uploaded files are clean.

If you notice any problem please notify me ASAP.

Petko






More information about the pmwiki-users mailing list