[pmwiki-users] Hacking (again!)
Erik Haagensen
erik.haa at gmail.com
Thu Jul 31 06:59:40 CDT 2008
Our site has been vandalized a couple of times - that seems to be over now
after putting in an "open" password for doing changes - like described in this
subject
http://article.gmane.org/gmane.comp.web.wiki.pmwiki.user/50436/match=hacking
However - the latest weeks there has been a change directly in the php-code -
making references to a malicious site in one or another way (I'm not so good
at this code stuff!).
I asked my servivce provider if there were possible to do changes in the
system files on his server - and he replied that the security on the server
was good enough - and that any hacking was possible because of - I'll try to
translate -
"This type of hacking is due to security holes in the code - not on the
server. We cannot do anything from our side. As a rule this is caused by badly
secured schematic code / form code (??) "
I have problems argueing with them - partly because of my little knowledge
about this - partly because of their attitude.
Anyone that has an idea about this problem ?
I've run the Site Analyzer and the only thing that came up was that
?action=diag ... enabled
No other vulnerabilities.
--
mvh
Erik Haagensen
Oslia
NO-2550 Os i Østerdalen
More information about the pmwiki-users
mailing list