[pmwiki-users] MailPoet Virus -- eeps
Petko Yotov
5ko at 5ko.fr
Thu Jul 24 17:35:14 CDT 2014
Sandy writes:
> http://arstechnica.com/security/2014/07/mass-exploit-of-wordpress-plugin-
> backdoors-sites-running-joomla-magento-too/
...
> Can you reassure us that PmWiki.org has proper fences,
Yes, the server account containing the pmwiki.org website is separate from
other accounts with other websites. If another website on the same server is
compromized, the pmwiki.org site shouldn't be.
> and the scripts there are clean? (Knowing Pm, I think it's good, but want
Yes, as far as we know the scripts that *run* on pmwiki.org are clean.
Files uploaded to the Cookbook by pseudonymous users might potentially
contain exploits. That's why I advise cookbook writers, if possible to
provide their files both uploaded to pmwiki.org and linked to read-only
copies on their own wikis.
That said, recently uploaded files are easily monitored in AllRecentChanges
and can be reviewed/deleted in case of problems. All existing older files
were scanned and reviewed a few months ago for potential viruses and
exploits, so again, AFAIK even uploaded files are clean.
If you notice any problem please notify me ASAP.
Petko
More information about the pmwiki-users
mailing list