
1.3.11r3 has security problems

Scott Auge
2007-07-26
2012-10-11
  • Scott Auge

    Scott Auge - 2007-07-26

    I know, I know - it is plenty old.

    A couple of days ago I started noticing a lot of comments from the comment plugin putting in the ole spam to the wiki. Strippers strippers strippers! And vitamins too!

    Then I noticed that if one wanted to add a new page, it would automatically put one to the AddCommentPlugin page - no new pages! It was a battle between my bot and their bot for deleting and adding comment pages. I have a suspicion they had it set up like that so their bot could simply add pages by hitting the site with any name and have an expected input box there.

    I re-installed the old stuff I had tucked in the corner and it is working OK for now - as well as firewalling the IPs that were spamming. I figure one of them was the troublemaker.

    I am doing a more detailed forensic exam and hopefully will come up with something as to what they are pulling off.

    Heads up!

     
    • Reini Urban

      Reini Urban - 2007-07-26

      Every wiki version has "security problems", because the default
      setting is to allow anybody to post. AntiSpam measures have to
      be enabled.

      1.3.11 already has ENABLE_CAPTCHA and ENABLE_SPAMASSASSIN.

      You can also simply disable RPC2.php, plugin/AddComment.php, plugin/WikiBlog.php.
      Esp. when fighting against bots.

       
    • mswlogo

      mswlogo - 2007-10-23

      I removed the AddComment and WikiBlog scripts from the plugin directory; I assume that's how to disable them?

      How do you disable RPC2.php? Should I just remove it? The code inside seems to indicate it's deprecated, so what exactly should be done here?

       
