[pmwiki-users] Vulnerability being exploited
Wade Hudson
whudson at igc.org
Wed Jan 3 13:39:32 CST 2007
Apparently I was wrong about "a vulnerability is being exploited on the
top-level script." Criss, who helped me upgrade to the latest version of
PmWiki, tells me:
> The way the mailform works, people *can't* get your email address.
> Your email address is in the config file, not anywhere a spammer
> could get to it.
But after the upgrade, I'm still getting about 15 spams each day. Here's
an example:
<a href="http://www.spazioforum.it/forums/cayman.html">viagra online</a> [url=http://www.spazioforum.it/forums/cayman.html]viagra online[/url] <a href="http://www.spazioforum.it/forums/gtcup.html">buy levitra</a> [url=http://www.spazioforum.it/forums/gtcup.html]buy levitra[/url] <a href="http://www.spazioforum.it/forums/carrera.html">viagra cheap</a> [url=http://www.spazioforum.it/forums/carrera.html]viagra cheap[/url] <a href="http://www.spazioforum.it/forums/cayenne.html">buy generic viagra</a> [url=http://www.spazioforum.it/forums/cayenne.html]buy generic viagra[/url] <a href="http://www.spazioforum.it/forums/boxster.html">generic cialis</a> [url=http://www.spazioforum.it/forums/boxster.html]generic cialis[/url] cnk7inl180cn9n9
-------------------------------------------
This message was sent by the PmWiki MailForm at Comment.Home
But http://progressiveresourcecatalog.org/index.php/Comment.MailformWh
no longer exists. I deleted it and substituted "To contact the
Progressive Resource Catalog, send email to Wade Hudson, whudson AT igc
DOT org." (See
http://progressiveresourcecatalog.org/index.php/Comment.Home). How can I
be getting spam from a mailform that is no longer on my site?
Using Thunderbird, I filter that spam into my Junk mail folder and
periodically delete them. So it's no real problem for me and my web host
no longer seems worried about a more serious vulnerability.
But this spam remains a curiosity that may be of interest to others and
may be a problem that we can solve somehow. Could the spammers have
captured what they need to use the mail form even though that page is no
longer on the site?
Should I update my comments.php or my mailform recipe (they're both old)?
Thanks,
Wade
christian.ridderstrom at gmail.com wrote:
> On Thu, 21 Dec 2006, Wade Hudson wrote:
>
>> Dear pmwiki users:
>>
>> On my site, a vulnerability is being exploited on the top-level
>> script. About ten times a day, I receive spam that includes a number
>> as the username and then has "@users.hostname.net" as the domain name.
>
>
> I'm not too clear on the details here. Are you saying that pmwiki.php
> is being used to send spam?
>
> /Christian