well, in the lang directory there are only various translations for dokuwiki included... simple txt files.
i suppose this rule triggered
d:$web_dirs -> ^id$;
because the language directory for indonesian was called "id".
i removed all the translations now and only kept english and german.
i suppose this problem shouldn't occur anymore during rootcheck.
but i'm sure there will be other false-positives as well.
i think dokuwiki is considered fairly secure among the wiki tools.

On Wednesday, January 6, 2016 at 16:36:01 UTC+1, dan (ddpbsd) wrote:
>
> On Tue, Jan 5, 2016 at 4:16 PM, theresa mic-snare
> <[email protected]> wrote:
> > Hi guys,
> >
> > rootcheck (system audit) came up with a couple of alerts which reference
> > this URL....sadly the link is broken...
> > http://www.ossec.net/wiki/index.php/WebAttacks_links
> >
>
> It's an old wiki reference, so it's probably long gone.
>
> > I've also tried searching the ossec-docs for web attacks...sadly to no
> > avail.
> >
> > any idea what it means? because I don't really have a clue what it
> > means..
> > System Audit: Web exploits (uncommon file name inside htdocs) - Possible
> > compromise. File: /var/www/html/dokuwiki/lib/plugins/config/lang/id.
>
> It looks like there is a file named "id" in
> /var/www/html/dokuwiki/lib/plugins/config/lang. Take a look at that
> file, try to figure out what it is.
>
> > Reference: http://www.ossec.net/wiki/index.php/WebAttacks_links
> >
> > thanks,
> > theresa
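
An added example, not part of the original thread and not OSSEC's own code: a small triage helper that finds entries whose name matches the `^id$` pattern from the rule quoted above and reports whether each hit is a directory or a file, plus what it contains. It assumes, based on the alert in the thread, that the name match applies to directories as well as files; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Name pattern taken from the rule quoted in the thread: d:$web_dirs -> ^id$;
RULE_NAME = re.compile(r"^id$")


def triage(web_root, pattern=RULE_NAME):
    """Return one record per entry under web_root whose name matches pattern."""
    hits = []
    for parent, dirs, files in os.walk(web_root):
        for name in sorted(dirs + files):
            if not pattern.search(name):
                continue
            path = os.path.join(parent, name)
            mode = os.lstat(path).st_mode
            rec = {"path": path, "kind": "other", "extensions": [], "executables": []}
            if stat.S_ISDIR(mode):
                rec["kind"] = "directory"
                exts = set()
                for sub, _, subfiles in os.walk(path):
                    for f in subfiles:
                        full = os.path.join(sub, f)
                        m = os.lstat(full).st_mode
                        exts.add(os.path.splitext(f)[1].lower() or "(none)")
                        if stat.S_ISREG(m) and m & 0o111:
                            rec["executables"].append(full)
                rec["extensions"] = sorted(exts)
            elif stat.S_ISREG(mode):
                rec["kind"] = "file"
                if mode & 0o111:
                    rec["executables"].append(path)
            hits.append(rec)
    return hits


def run_sample():
    """Constructed sample tree: language directories 'en' and 'id' holding text files."""
    with tempfile.TemporaryDirectory() as tmp:
        lang = os.path.join(tmp, "dokuwiki", "lib", "plugins", "config", "lang")
        for code in ("en", "id"):
            os.makedirs(os.path.join(lang, code))
            with open(os.path.join(lang, code, "intro.txt"), "w") as fh:
                fh.write("constructed sample text\n")
        return [dict(h, path=os.path.relpath(h["path"], tmp)) for h in triage(tmp)]


if __name__ == "__main__":
    for hit in run_sample():
        print(hit["kind"], hit["path"], hit["extensions"], hit["executables"])
```

A hit that is a directory holding only non-executable text files is consistent with a translation folder; a regular file named `id`, or executable content inside the directory, deserves a closer look.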
