Dan Frankowski schrieb:
> The machine that runs wikilens.org was hacked through an old unpatched
> instance of PhpBB2.
I had that and a SquirrelMail one at the end of last year. FormMail and Perl CGIs
are also hit very often.
Use a kernel without modules.
Which rootkit? Modified t0rn is quite common, and very easy to
remove, even without a fresh reinstall.
> This delayed our release of MoonBadger, which by the way Reini, has a
> few primitive auto-complete textboxes, though not through the cool
> server-side XML-RPC. We'd love that, although it would require PhpWiki
> responding quickly. I don't know performance now, but our pages are
> around 1s, pretty slow for autocomplete, although page render is
> probably more work than returning a few autocomplete results.
We can do xmlrpc very fast if no auth is needed.
The hyperwiki is quite fast, say: fast enough for me. This does a lot of
xml-rpc requests, not just one as in autocompletion.
And dba is fastest of course; the first SQL connection overhead is gigantic.
> Aside from that, it made me wonder about the security of PhpWiki. If I
> get hacked again, our systems support will frown at me even more, and we
> have several PhpWikis running, some externally visible (like wikilens).
> Are there known exploits in 1.3.7 or 1.3.9? Has somebody thought about
> security? Is there a writeup somewhere I can read?
So far only one problem occurred, which was fixed immediately:
a possible LDAP injection, using * as username.
Sorry, no writeup. There was some discussion in 2002 on this mailing list.
I doubt that we are cross-site scripting vulnerable,
but some external auth stuff, and the XML-RPC and SOAP extensions, might
be vulnerable. External images maybe also.
Be sure to keep your PHP up to date. Almost every two months there is another
PHP vulnerability. Apache has stabilized a bit now.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
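An added illustration of the LDAP injection class Reini mentions (using `*` as the username); this is example code written for this page, not part of his message or of PhpWiki. It assumes a constructed three-entry directory and a minimal evaluator that only understands a single `(uid=...)` assertion with `*` wildcards, and shows how RFC 4515 escaping turns the wildcard back into a literal character.

```python
# Added example: why "*" as a username is a problem in an LDAP filter, and the
# RFC 4515 escaping that removes it. Directory and evaluator are constructed
# here for the demo; neither comes from PhpWiki.
import re

# Characters with special meaning inside an LDAP search filter (RFC 4515).
LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory: the uid values an auth module would search.
DIRECTORY = ["alice", "bob", "reini"]


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before placing it inside a filter."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter(username: str, escape: bool = True) -> str:
    """Build (uid=<username>); escape=False reproduces the unsafe construction."""
    value = escape_filter_value(username) if escape else username
    return f"(uid={value})"


def _assertion_to_regex(assertion: str) -> "re.Pattern[str]":
    """Turn a filter assertion value into an anchored regex: an unescaped '*'
    is a substring wildcard, a '\\xx' hex escape is a single literal character."""
    pattern, i = "", 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion):
            pattern += re.escape(chr(int(assertion[i + 1:i + 3], 16)))
            i += 3
        elif ch == "*":
            pattern += ".*"
            i += 1
        else:
            pattern += re.escape(ch)
            i += 1
    return re.compile(f"^{pattern}$")


def matching_uids(ldap_filter: str, directory=DIRECTORY) -> list:
    """Minimal evaluator for one (uid=...) assertion against the directory."""
    m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter)
    if m is None:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    regex = _assertion_to_regex(m.group(1))
    return [uid for uid in directory if regex.match(uid)]


if __name__ == "__main__":
    # Unescaped "*" matches every entry; escaped "\2a" matches only a literal "*".
    print(build_uid_filter("*", escape=False), matching_uids(build_uid_filter("*", escape=False)))
    print(build_uid_filter("*"), matching_uids(build_uid_filter("*")))
```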