Did you have file uploads enabled? If so, did you ensure that PHP was disabled in your upload folder? If not, the script-kiddie could easily have uploaded some malicious PHP and executed it.
Ryan
On August 6, 2004 11:59 am, Greg Rundlett wrote:
My website was just defaced, and I have not yet had a chance to investigate the exact causes. The script-kiddie was able to upload a php shell creation script + php-explorer and others.
I installed mediawiki in the last two weeks, and the folder is now gone. I'm wondering if mediawiki is known to be secure with allow_url_fopen set to on? Are there any known vulnerabilities in mediawiki? I do not know the exact vulnerability that caused my site to be owned, and there may have been mulitple vulnerabilitites, I'm just asking what if any info you might have in this regard.
Thanks, Greg