George Theall on 17 Jan 2005 12:37:32 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Websites Defaced, any advice?


On Mon, Jan 17, 2005 at 12:21:10AM -0500, David Kaplowitz wrote:

> Well I noticed tonight that one of my web sites got defaced.
...
> Although I've yet to find the smoking
> gun in my log files, I'm 99% positive they exploited weaknesses in my
> configuration (or lack thereof) of PHP/MySQL (and a few popular CMSes,
> TikiWiki and Wordpress).

This may be due to the recently announced vulnerability in TikiWi
enabling anyone to upload files and then execute them:

  http://tikiwiki.org/tiki-read_article.php?articleId=97

The link provides some info on telltale log entries and ways to resolve
the problem. 

You may also wish to search BugTraq -- http://www.securityfocus.com/bid/
-- for some of the other software you run; it's very likely you'll find
problems with those as well, unless you're up-to-date. 


George
-- 
theall@tifaware.com

Attachment: pgpZoUpwMshrP.pgp
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug