Menu
▾
▴
phpwiki-talk
|
From: Steven M. <mur...@dc...> - 2002-01-11 15:15:50
|
Hi All, I regularly check my recent changes and I have noticed that some of my pages have been reset to older versions, some back to the installation defaults. I don't know if this is a result of a PhpWiki bug or due to an attack, or a mistake by a user. The versions of the page that I would like to keep are in the History, so I can restore them, but I would like to know what happened. Would anyone mind taking a look and seeing if they have any idea what went on? My site is: http://www.murdomedia.net/wiki/ It seems like all pages have been affected. For example Recent Visitors has been brought back to the original version, Recent Changes does not show these updates to be done. http://www.murdomedia.net/wiki/index.php?pagename=RecentVisitors It looks like someone has loaded the files from the serialized version, but I thought they would need admin privilages to do this. Any suggestions on what has happened would be greatly appreciated. Thanks in advance, Steven Murdoch. -- email: mur...@dc... web: http://www.dcs.gla.ac.uk/~murdocsj/ PGP/GnuPG Keys: http://www.murdomedia.net/keys.html |
|
From: Lawrence A. <la...@us...> - 2002-01-11 15:23:44
|
Steven, I agree - it looks to me like someone has loaded the original files on top of your wiki. I think there is a setting in index.php which controls whether or not you need admin privs to do this. You might check to see what it says Can you look in your webserver logs? They might help you work out who has accessed which pages Lawrence At 15:15 11/01/2002, Steven Murdoch wrote: >Hi All, > >I regularly check my recent changes and I have noticed that some of my >pages have been reset to older versions, some back to the installation >defaults. I don't know if this is a result of a PhpWiki bug or due to an >attack, or a mistake by a user. The versions of the page that I would like >to keep are in the History, so I can restore them, but I would like to >know what happened. > >Would anyone mind taking a look and seeing if they have any idea what went >on? My site is: http://www.murdomedia.net/wiki/ > >It seems like all pages have been affected. For example >Recent Visitors has been brought back to the original version, >Recent Changes does not show these updates to be done. >http://www.murdomedia.net/wiki/index.php?pagename=RecentVisitors > >It looks like someone has loaded the files from the serialized version, >but I thought they would need admin privilages to do this. > >Any suggestions on what has happened would be greatly appreciated. > >Thanks in advance, >Steven Murdoch. > >-- > >email: mur...@dc... >web: http://www.dcs.gla.ac.uk/~murdocsj/ >PGP/GnuPG Keys: http://www.murdomedia.net/keys.html > > >_______________________________________________ >Phpwiki-talk mailing list >Php...@li... >https://lists.sourceforge.net/lists/listinfo/phpwiki-talk |
|
From: Jeff D. <da...@da...> - 2002-01-11 18:38:57
|
On Fri, 11 Jan 2002 15:23:38 +0000 "Lawrence Akka" <la...@us...> wrote: > I agree - it looks to me like someone has loaded the original files on top > of your wiki. That's what it looks like to me, too... > I think there is a setting in index.php which controls > whether or not you need admin privs to do this. No. You should always need admin privs to do that. (The setting you're thinking about controls whether one can make zip-dumps without admin privs.) > Can you look in your webserver logs? They might help you work out who has > accessed which pages Yes. That's the first thing to look at. I suppose one possibility is that for some reason PhpWiki sporadically thinks HomePage is missing, and therefore "loads up a virgin wiki". That shouldn't, of course, happen; and I don't, off hand, have any suspicions of why it might. |
|
From: Lawrence A. <Law...@th...> - 2002-01-11 19:28:23
|
Actually, Jeff, if you delete HomePage, all the Virgin pages are reloaded - I just tested it on a dummy wiki on my pc. I am sure that is what has happened in this case. Someone has deleted the HomePage, and as a result a lot of other pages have been overwritten. Clearly this is an undesirable "feature". The Virgin wiki should only be loaded if the Home page is missing, and its most recent version is 1, or something like that Lawrence > > I suppose one possibility is that for some reason PhpWiki sporadically > thinks HomePage is missing, and therefore "loads up a virgin wiki". > That shouldn't, of course, happen; and I don't, off hand, have any > suspicions of why it might. > -------------------------------------------------------- Confidentiality Notice The information contained in this e-mail is confidential. It is for the use of the named recipient only. If you are not the named recipient, please destroy and do not disclose the contents of this e-mail to any other person, or copy it. Thank you for your co-operation. |
|
From: Jeff D. <da...@da...> - 2002-01-11 19:59:37
|
On Fri, 11 Jan 2002 19:33:25 -0000 "Lawrence Akka" <Law...@th...> wrote: > Actually, Jeff, if you delete HomePage, all the Virgin pages are reloaded Aha! Yes, of course. > Clearly this is an undesirable "feature". The Virgin wiki should only be loaded if the > Home page is missing, and its most recent version is 1, or something like that Actually, I think the virgin wiki should probably only be loaded if the page database is empty (no pages). The rest of the time, it should take manual intervention (i.e. load pgsrc via PhpWikiAdministration). Short term problems with this: 1. People who don't run PHP as an apache module currently can't use any of the administrative features, as the current login code (I think) depends on mod_php. (As always: once we move away from HTTP auth base authentification, this will cease to be a problem.) 2. Reini's bug: where the load-up of the version wiki seems to crap out in mid de-virginization. Also, I think we need to introduce some kind of versioning meta-data into the stock pgsrc. When one upgrades to a new release of PhpWiki, in general one does not want to replace most of the pgsrc. On the other hand, sometimes upgrading PhpWiki will break some of the "magic pages" (PhpWikiAdministration, RecentChanges, TitleSearch, etc...) If each page in the distributed pgsrc had a pgsrc_version meta-data, then there could be an option to only update the page if the pgsrc_version is greater than that currently in the database. (The "major" part of pgsrc_version should be incremented when there are functional changes to the page, the "minor" version gets bumped everytime the pgsrc is modified.) |
|
From: Lawrence A. <la...@us...> - 2002-01-11 15:26:31
|
I forgot to say, if you are running a recent version of phpWiki, you may find that it has kept its own logs - look in index.php again Lawrence At 15:15 11/01/2002, Steven Murdoch wrote: >Hi All, > >I regularly check my recent changes and I have noticed that some of my >pages have been reset to older versions, some back to the installation >defaults. I don't know if this is a result of a PhpWiki bug or due to an >attack, or a mistake by a user. The versions of the page that I would like >to keep are in the History, so I can restore them, but I would like to >know what happened. > >Would anyone mind taking a look and seeing if they have any idea what went >on? My site is: http://www.murdomedia.net/wiki/ > >It seems like all pages have been affected. For example >Recent Visitors has been brought back to the original version, >Recent Changes does not show these updates to be done. >http://www.murdomedia.net/wiki/index.php?pagename=RecentVisitors > >It looks like someone has loaded the files from the serialized version, >but I thought they would need admin privilages to do this. > >Any suggestions on what has happened would be greatly appreciated. > >Thanks in advance, >Steven Murdoch. > >-- > >email: mur...@dc... >web: http://www.dcs.gla.ac.uk/~murdocsj/ >PGP/GnuPG Keys: http://www.murdomedia.net/keys.html > > >_______________________________________________ >Phpwiki-talk mailing list >Php...@li... >https://lists.sourceforge.net/lists/listinfo/phpwiki-talk |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X