[pmwiki-users] Under attack

Petko Yotov 5ko at 5ko.fr
Sat Mar 9 10:52:31 CST 2013


Carlos AB writes:
> The thing which is really annoying is that I get error messages every time  
> they try to brute force my site (it is not the first time though).
> I don't use authuser so it is just one form field in the login action, to  
> send the password back to the site.
> I have some recipes enabled, some are my own recipes.
>
> The error messages are like this:
>
> [01-Mar-2013 07:09:12 UTC] PHP Warning:  Cannot modify header information -  
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in  
> /home2/codexwik/public_html/scripts/author.php on line 25
> [01-Mar-2013 07:09:12 UTC] PHP Warning:  Cannot modify header information -  
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in  
> /home2/codexwik/public_html/pmwiki.php on line 1176
> [13-Nov-2012 21:02:25 UTC] PHP Warning:  Cannot modify header information -  
> headers already sent by (output started at ../public_html/pmwiki.php:2067) in  
> /home2/codexwik/public_html/scripts/feeds.php on line 258

It doesn't really look like an attack.

These are most likely caused by some character sent by a script before the  
HTTP headers. Check that pmwiki.php and all included files don't have an  
ending ?> marker which is not required, but if you have even a space or a  
new line, headers cannot be sent.

Also check if some file was not saved in UTF-8 with "Byte order mask (BOM)"  
- this mask is 3 (invisible) bytes at the beginning of the file and may  
cause the described warning messages.

Otherwise, you can include the file scripts/author.php early in config.php.

> [26-Feb-2013 16:28:32 UTC] PHP Warning:  Unknown: Failed to write session  
> data (files). Please verify that the current setting of session.save_path is  
> correct (/tmp) in Unknown on line 0

This may appear if PHP cannot write in the directory where it is supposed to  
save session data (/tmp) which may be full or forbidden. It may be possible  
to change this directory to one of your own, which MUST NOT be accessible  
via HTTP in a browser. See

  http://php.net/session-save-path

The recipe PersistentLogin creates and uses such a custom session directory.  
Contact me if you have some questions.

  http://www.pmwiki.org/wiki/Cookbook/PersistentLogin

Petko
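
The checks suggested in the reply above (a UTF-8 BOM, output before the opening tag, output after an ending ?> marker) can be automated. The following is an added example, not part of the original post and not PmWiki code; the function names and sample files are constructed for illustration, and the check is a heuristic meant for included scripts such as config.php and recipes, not for HTML templates.

```python
import re
import tempfile
from pathlib import Path

BOM = b"\xef\xbb\xbf"  # the three invisible bytes of a UTF-8 BOM

def check_php_bytes(data):
    """List the ways this PHP source emits output before headers (heuristic)."""
    problems = []
    if data.startswith(BOM):
        problems.append("utf8-bom")
        data = data[len(BOM):]
    # Bytes before the first opening tag are sent to the client verbatim.
    if data and not data.startswith(b"<?"):
        problems.append("output-before-open-tag")
    # Look at what follows a final "?>" that closes the last PHP block.
    end = data.rfind(b"?>")
    if end != -1 and data.rfind(b"<?") < end:
        # PHP itself swallows one newline directly after "?>".
        tail = re.sub(rb"\A\r?\n", b"", data[end + 2:])
        if tail:
            problems.append("output-after-close-tag")
    return problems

def scan_tree(root):
    """Map each .php file under root to its problems; clean files are omitted."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        problems = check_php_bytes(path.read_bytes())
        if problems:
            findings[str(path.relative_to(root))] = problems
    return findings

# Constructed sample files, not taken from the poster's site.
SAMPLES = {
    "clean.php": b"<?php\n$x = 1;\n",
    "bom.php": BOM + b"<?php\n$x = 1;\n",
    "trailing.php": b"<?php\n$x = 1;\n?>\n \n",
    "leading.php": b"\n<?php\n$x = 1;\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, data in SAMPLES.items():
            Path(root, name).write_bytes(data)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

To check a real installation, call scan_tree() on the wiki directory; any file it reports is a candidate source of the "headers already sent" warning.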



