On Sunday 16 June 2013 19:09:36 Desmond Rivet wrote:
> Hi all,
>
> I'm running a personal MoinMoin wiki. I've recently discovered that I've
> been cracked. I'm finding lots of entries in the data/pages directory that
> look like:
>
> zupeginwuxi397/edit-log
> 6pm_Offer_Coupon_Codes/edit-log
>
> All the edit-log files (that I've checked) appear to be empty. The file
> also appears to be the only contents of these bogus pages/directories. As
> I said, I have a ton of these in my data/pages folder. And it's been going
> on for a while, judging by the backup I've looked at.

These are attempts to create pages, and I think that a bug was reported
recently about such denied attempts still creating files, even though the
pages will not be created:

http://comments.gmane.org/gmane.comp.web.wiki.moin.general/8998

The following fix was described:

http://hg.moinmo.in/moin/1.9/rev/6489ec33874d

> I'm not sure how it happened or what the intent was. I'm not sure what
> exactly has been compromised. Can I just change my login password and get
> a better SSL certificate? (I always logged in via https, but maybe the
> certificate was compromised).

Provided that you're running a fixed version of Moin that isn't subject to
vulnerabilities, I rather suspect that you're seeing the effect of the
problem mentioned above.

> That being said, all is not lost. It's fairly easy for me to pick out my
> own pages from the mess - looking for folders that have a "revisions"
> subfolder seems to do the trick.
>
> So I'm seeking some advice on how to proceed. Can I simply rm -rf the
> bogus directories from the file system? If I do this, will I have to
> update some other cache file?

I don't want to give concrete advice here, but I imagine that you could
remove the bogus directories. If Moin has a record of the pages elsewhere,
it will probably just ignore them if it comes across something like a log
entry referencing them. Maybe the despam action helps in this situation,
but I wouldn't know.

> Should I re-install MoinMoin? If I do, is there a way to re-import all my
> original pages into the new wiki (assuming I pulled out all the pages from
> my old wiki) ?

I wouldn't immediately re-install Moin. It might be interesting to know
what kind of authentication measures you provide, whether you have a
restrictive ACL policy, and whether the "newaccount" action is enabled.

Generally, to prevent bogus edits you can require users to be registered in
order to make edits, you can thereby require authentication, and you can
forbid new accounts by putting the following in the class in your
configuration file:

    actions_excluded = ["newaccount"] # plus any others you exclude

At that point, maybe the only new files that get created are session files
and cache files, as far as I can tell.

Paul
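Added example, not part of the original message and not MoinMoin code: a read-only Python check for the pattern described in the thread, listing directories under data/pages whose only content is an empty edit-log. The function names and the sample tree (apart from the two directory names quoted in the message) are constructed for illustration.

```python
import os
import tempfile


def find_bogus_pages(pages_dir):
    """List page directories whose only content is an empty edit-log."""
    bogus = []
    for name in sorted(os.listdir(pages_dir)):
        page = os.path.join(pages_dir, name)
        # Skip stray files and symlinks; only real directories are pages.
        if os.path.islink(page) or not os.path.isdir(page):
            continue
        # Anything besides a lone edit-log (revisions/, current, ...) is kept.
        if os.listdir(page) != ["edit-log"]:
            continue
        log = os.path.join(page, "edit-log")
        if os.path.isfile(log) and os.path.getsize(log) == 0:
            bogus.append(name)
    return bogus


def build_sample_tree(root):
    """Constructed sample data/pages layout for the demonstration."""
    def write(relpath, data=b""):
        path = os.path.join(root, relpath)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    write("zupeginwuxi397/edit-log")            # name from the message
    write("6pm_Offer_Coupon_Codes/edit-log")    # name from the message
    write("FrontPage/edit-log", b"constructed log line\n")
    write("FrontPage/current", b"00000001\n")
    write("FrontPage/revisions/00000001", b"Welcome\n")
    write("HalfWritten/edit-log", b"constructed log line\n")  # non-empty: kept
    write("README")                             # stray file, not a page


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name in find_bogus_pages(tmp):
            print("candidate for review:", name)
```

The function only reports names; pointing it at a backup copy of data/pages gives a list to review before anything is removed.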