[MediaWiki-l] Restoring MediaWiki after the Drupal exploit?

Bartosz Dziewoński matma.rex at gmail.com
Sun Nov 2 23:20:14 UTC 2014


On Sun, 02 Nov 2014 23:53:28 +0100, Boris Steipe  
<boris.steipe at utoronto.ca> wrote:

> If I understand the Drupal advisory correctly, backdoors could have been  
> installed in the database. I don't know nearly enough about this, but I  
> suspect this could mean that a backdoor could reappear on the new  
> machine if I were to dump my current Wiki tables from the old machine  
> and reinstall them on the new machine. Is this correct? And if so, what  
> would the best strategy be for recovery? I hope this can be done more  
> efficiently than copy/pasting Wikitext.

If you want to be extra paranoid, and you only care about the contents of  
pages (and possibly their earlier versions) and none of all the boring  
extra data, then you can export and import the contents of wiki pages.  
This should always be safe, as MediaWiki assumes that all page text is  
hostile user input and always parses and escapes everything that needs it.

https://www.mediawiki.org/wiki/Manual:Importing_XML_dumps

-- 
Bartosz Dziewoński



More information about the MediaWiki-l mailing list