Hello guys,
can anybody help me out with a working version of NoTitle [¹] for mediawiki
1.16.0?
[¹] http://www.mediawiki.org/wiki/Extension:NoTitle
I tried all versions listed at the main page but none of them are working.
Thank you for your help.
Robert
Hi all,
my MediaWiki server was compromised by unknown hacker in past days. It was MW ver 1.13 and it was running on Debian Lenny, with Apache2, mySQL5 and PHP5 server.
Unfortunatelly I cannot find any closer information in the logs, so I don't know the used technique, but the hacker has created .re/ directory in the root of MW and put in it short index.php file with redirection script to another IP address with the server whith the bank Phishing page on it. :-(((
I have these questions to the MW community:
1) Has anybody of you heard about such kind of attack before? If yes, it is described somewhere, how it is done and how to protect the system against it?
2) I'll install completely fresh server and fill it with the data from backup. Do you use some special protection for MW servers (like SElinux or some special PHP settings (more that are the security recomendations for MW) or some other protection system)? Is it safe to fill back the data from backup of compromised system, namely I'm asking about the mySQL data or there can be some kind of backdoor in the database?
3) Is there any program or script which can be used to test images (from the backup) for potencial php code hidden in them (I have heard, that it is possible to hide PHP in some of the EXIF fieldsof the images)?
Thanks for any information and I wish to all of you - no hackers on your servers!
Jakub
Hello,
my installation of MediaWiki 1.16 logs me out after a certain time of inactivity, but I couldn't find out where to configure this. If I leave the window open for some minutes (15-30, I'd guess), and click on another page, I am required to relogin.
The relevant parts of my LocalSettings.php are
$wgCookieExpiration = 0;
$wgGroupPermissions['*']['read'] = false;
$wgWhitelistRead = array ("Special:Userlogin", "MediaWiki:Common.css", "MediaWiki:Common.js", "MediaWiki:Monobook.css", "MediaWiki:Monobook.js", "-");
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
Anyone has an idea?
Thanks,
Florian
To solve this, I now use the great extension TwitterFeed[1] that doesn't
require Widgets and can easily be adapted.
[1] http://www.mediawiki.org/wiki/Extension:TwitterFeed
Regards
robert
2010/9/2 Siebrand Mazeland <s.mazeland(a)xs4all.nl>
> You can use the Widgets extension[1,2].
>
> Siebrand
>
> [1] http://www.mediawiki.org/wiki/Extension:Widgets
> [2] http://www.mediawikiwidgets.org/Twitter
>
> -----Original Message-----
> From: mediawiki-l-bounces(a)lists.wikimedia.org [mailto:
> mediawiki-l-bounces(a)lists.wikimedia.org] On Behalf Of
> orschiro(a)googlemail.com
> Sent: Thursday, September 02, 2010 7:27 PM
> To: mediawiki-l
> Subject: [Mediawiki-l] Twitter integration
>
> are there any examples how to integrate the recent twitter posts in
> mediawiki?
>
> I thought about using twitter.com/badges and include raw html/js into
> my main page but for that I would have to enable raw html that is of
> course dangerous.
>
> Any better ideas?
>
>
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l(a)lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
Hello together
I've got some trouble with installing the new Wikipedia-editor in my wiki. Does someone know how I can install and configure it in my wiki? And where I can download the last stable version of the editor?
Thanks for your help
Nikola Stanković
_____________________
WigaSoft AG
Nikola Stanković
Informatik Lehrling
Hechtackerstrasse 12
CH-9014 St. Gallen
Telefon +41 71 274 51 31
Telefax +41 71 274 51 49
Hotline +41 71 274 51 33
n.stankovic(a)wigasoft.ch<mailto:n.stankovic@wigasoft.ch>
www.wigasoft.ch<http://www.wigasoft.ch/>
Vertraulichkeitshinweis/Confidentiality Notice<http://www.wigasoft.ch/vertraulichkeitshinweis/>
Veranstaltungshinweise:
20./21. Januar 2010 - Fachsymposium Gesundheit
Hello
I'm having some trouble with a new installation.
Windows 2008 Enterprise R1 64-bit
IIS 7.0
MW 1.16
PHP 5.2.12
Microsoft Fast CGI
The web content is stored on a local disk and the account its running under has the correct permissions.
So far I've been able to run the installer get the DB built and at the point where it should just work but when I hit the homepage to start using the wiki I'm presenting with just a blank screen.
Checking the PHP error log I see this
[06-Sep-2010 15:48:02] PHP Fatal error: require_once() [<a href='function.require'>function.require</a>]: Failed opening required '/includes/ProfilerStub.php' (include_path='.;C:\php5\pear') in E:\Shares\LWS-RSC-Education-Wiki\includes\WebStart.php on line 71
Which is odd as my php path is C:\Program Files (x86)\PHP\
Can anyone comment on this please?
Regards
Douglas Spooner, Senior Systems Analyst
Internet Services Team
Royal Society of Chemistry, Thomas Graham House,
Science Park, Milton Road, Cambridge CB4 0WF, UK
Tel +44 (0)1223 432334, Fax +44 (0)1223 432133
www.rsc.org
DISCLAIMER:
This communication (including any attachments) is intended for the use of the addressee only and may contain confidential, privileged or copyright material. It may not be relied upon or disclosed to any other person without the consent of the RSC. If you have received it in error, please contact us immediately. Any advice given by the RSC has been carefully formulated but is necessarily based on the information available, and the RSC cannot be held responsible for accuracy or completeness. In this respect, the RSC owes no duty of care and shall not be liable for any resulting damage or loss. The RSC acknowledges that a disclaimer cannot restrict liability at law for personal injury or death arising through a finding of negligence. The RSC does not warrant that its emails or attachments are Virus-free: Please rely on your own screening.
Добрый день уважаемые разработчики mediawiki.
У меня к вам есть следующий вопрос. Я делаю сайт на mediawiki (назовем его
mywikiservice.com) на котором в качестве названий статей должны выступать
адреса статей на других сайтах.
К примеру должна быть возможность создать страницу
http://mywikiservice.com/www.mediawiki.org/wiki/Communication/ru просто
набрав этот адрес в адресной строке. ЧПУ я настроил и с этим проблем нет.
Проблемы появляются, когда пользователь попытается через адресную строку
создать страницу в названии которой присутствует вопросительный знак "?" .
Просто скопировав ее адрес и вставив после http://mywikiservice.com/
Например
http://mywikiservice.com/answers.yahoo.com/question/index?qid=2010022414525….
В этом случае заголовок статьи обрезается до вопросительного знака и
превращается в http://mywikiservice.com/answers.yahoo.com/question/index.
Возможным решением является замена "?" на "%3f" еще на стадии создания
статьи через набор ее адреса в адресной строке браузера, или отказ от такого
способа создания статей в пользу создания статей через форму поиска или
добавления статьи, тогда замена вопросительных знаков на "%3f" происходит
автоматически.
Однако мне необходимо предусмотреть вариант, когда пользователь пытается
создать статью именно описанным выше способом: просто добавляя ее адрес
после "http://mywikiservice.com/" и чтобы замена "?" на "%3f" происходила
при этом автоматически без участия пользователя.
Возвожно ли это сделать и как именно? Спасибо.
Can you stop with the spam? Nobody cares what drugs your after.
On Sep 5, 2010 1:24 PM, "Dan Haunschild" <danhaunschild(a)gmail.com> wrote:
hope you get replys?? i am after oxy's and klonopin please, can you help me
w that
On Sun, Sep 5, 2010 at 5:01 AM, Jean-Marc van Leerdam <
j.m.van.leerdam(a)gmail.com> wrote:
> Hi,
>
...
We have been using mediawiki 1.12 in our organization for over a year now.
Users create their account and starting using wiki. Now we are planning to
switch to the LDAP/AD authentication method. Let's say once the users start
using LDAP method, what happens to their old (local mediawiki) accounts? I
am assuming that they just stay in the database.
My question:
How do we merge/map the stats of the correponding old user to their LDAP
login stats.
For example, John Winslow's old (local mediawiki) username was 'johnwin' but
his corresponding LDAP/AD username is 'johnw'.
I would like that stats of username 'johnwin' is merged/added with the new
username 'johnw'.
Thanks
Passing --fdpass or --stream to clamdscan works for calling up a scan on the command prompt however calling it through mediawiki (via the chrooted web user www) still fails with an error 127. If I make a file called test.php containing:
<?php
define("MEDIAWIKI", "mediawiki");
require_once("/htdocs/w/includes/GlobalFunctions.php" );
$output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass --no-summary '/htdocs/file.txt' 2>&1, $exitCode );
echo "exitcode is $exitCode";
?>
Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass --no-summary '/htdocs/file.txt' 2>&1" will work just fine but running the script will always fail with error 127. Even substituting in the $output line something like wfShellExec( "/bin/echo 'hello world' > world.txt" ); will always fail with error 127 as well, despite echo being at /var/www/bin/echo and permissions readable and executable by the proper www user. Appears that there may be something up with how mediawiki is executing shell commands, maybe I'm going about testing this the wrong way.
Thanks for the insight.
-------- Original Message --------
From: Platonides <Platonides(a)gmail.com>
Apparently from: mediawiki-l-bounces(a)lists.wikimedia.org
To: mediawiki-l(a)lists.wikimedia.org
Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache
Date: Fri, 03 Sep 2010 23:02:09 +0200
> tojja(a)Safe-mail.net wrote:
> > Thanks for the suggestion Platonides. After some digging around it appears that I have the same problem identified at http://readlist.com/lists/lists.clamav.net/clamav-users/1/6452.html which looks to be a problem with clamdscan passing a path within the chroot to clamd which typically won't exist. To test this one can 'touch /var/www/tmp/test' then 'chroot -u www /var/www /usr/local/bin/clamdscan /tmp/test' and it will fail with '/tmp/test: lstat() failed: No such file or directory. ERROR'. Now if one executes 'touch /tmp/test' and tries to scan within the chroot again it will work (barring any permissions problems). What I need is a way to tell clamd to append the chroot path onto the path supplied by clamdscan or trick clamdscan to not check for file existence since clamdscan checks if the path is valid inside the chroot then passes the path directly to clamd.
>
> Try passing --fdpass or --stream to clamdscan.