Carlos AB writes:
The thing which is really annoying is that I get an error messages every time
they try to brute force my site (it is not the first time though).
I don't use authuser so it is just one form field in the login action, to
send the password back to the site.
I have some recipes enabled, some are my own recipes.
The error messages are like this:
[01-Mar-2013 07:09:12 UTC] PHP Warning: Cannot modify header information -
headers already sent by (output started at ../public_html/pmwiki.php:2067) in
/home2/codexwik/public_html/scripts/author.php on line 25
[01-Mar-2013 07:09:12 UTC] PHP Warning: Cannot modify header information -
headers already sent by (output started at ../public_html/pmwiki.php:2067) in
/home2/codexwik/public_html/pmwiki.php on line 1176
[13-Nov-2012 21:02:25 UTC] PHP Warning: Cannot modify header information -
headers already sent by (output started at ../public_html/pmwiki.php:2067) in
/home2/codexwik/public_html/scripts/feeds.php on line 258
It doesn't really look like an attack.
These are most likely caused by some character sent by a script before the
HTTP headers. Check that pmwiki.php and all included files don't have an
ending ?> marker which is not required, but if you have even a space or a
new line, headers cannot be sent.
Also check if some file was not saved in UTF-8 with "Byte order mask (BOM)"
- this mask is 3 (invisible) bytes at the beginning of the file and may
cause the described warning messages.
Otherwise, you can include the file scripts/author.php early in config.php.
[26-Feb-2013 16:28:32 UTC] PHP Warning: Unknown: Failed to write session
data (files). Please verify that the current setting of session.save_path is
correct (/tmp) in Unknown on line 0
This may appear if PHP cannot write in the directory where it is supposed to
save session data (/tmp) which may be full or forbidden. It may be possible
to change this directory to one of your own, which MUST NOT be accessible
via HTTP in a browser. See
http://php.net/session-save-path
The recipe PersistentLogin creates and uses such a custom session directory.
Contact me if you have some questions.
http://www.pmwiki.org/wiki/Cookbook/PersistentLogin
Petko
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
