[oops, wrong list initially]
Reini Urban schrieb:
> Philip J. Hollenback schrieb:
>> Please approve the message I posted to phpwiki-talk a couple days ago:
>
> Sorry, I don't see your message in my admin interface which goes back to
> middle of July.
>
>> Begin forwarded message:
>>> From: "Philip J. Hollenback" <ph...@po...>
>>> Date: August 10, 2008 9:39:01 AM PDT
>>> To: php...@li...
>>> Subject: forum.php spam pages
>>>
>>> I've got my phpwiki (www.hollenback.net) locked to all users except
>>> myself for adding or editing pages. However, some spammer continues
>>> to exploit some phpwiki bug or error in my config to create bogus
>>> forum.php pages. These pages just contain lists of spam lnks. One
>>> gets created about once a week.
>>>
>>> Is anyone else seeing this, and any suggestion for how I can fix it?
>>> I know this is vague but I'm not sure where the hole is. I've had my
>>> wiki running for quite a while with no problems so my first suspicion
>>> is this is exploiting a hole in phpwiki.
Please remove lib/plugin/AddComment.php,
lib/plugin/WikiBlog.php and lib/plugin/WikiForum.php.
These plugins can be used by spammers.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
|
