[pmwiki-users] Need some help with a wiki.d security breach

[Ben Wilson]

On 11/4/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> I'm guessing that the webserver is configured to ignore .htaccess
> files in directories.  Ouch.

If this is the case, then I would consider moving ISPs. Then again,
the cracker could have reconfigured the webserver. However, having
been the victim of an attack (exploiting a kernel defect that was
remedied by upgrading to Gentoo's secure kernel), I know that once
they can crack a server, the cracker can run a cronned script against
it. So assume that until the real cause of the intrusion is detected,
that server has been dialed in.

-- 
Ben Wilson