Tags:
create new tag
view all tags

SID-01473: I have been Hacked

Status: Answered Answered TWiki version: 5.1.1 Perl version: Pearl 5
Category: CategoryDeployment Server OS: Redhat 5.0 Last update: 11 years ago

My TWiki Web Site has been hacked. Someone was able to gain access without notification and add a topic. It was a non-WikiWord, just nonsense. You click on the topic and you get paragraphs of non-sense in the legit TWiki window. You click on raw edit, you get a black page. If you go back to the topic and click on "More Topic Actions" and try to delete the topic you get a TWIKI window that says "access denied, you are trying to rename a topic that does not exist." No, I didn't accidently click rename/move topic. I clicked on delete topic. It appears the hacker was able to do this addition to all revisions also. Do you know how I can get rid of this stuff? I can't believe people spend the time and do this. What do they get out of it???

-- DavidSteininger - 2012-06-04

Discussion and Answer

What is the URL-path of the page? If you can't delete using the browser, delete the page from the shell. For example, this topic would be at /path/to/twiki/data/Support/Support/SID-01473.txt.

-- PeterThoeny - 2012-06-04

Peter, you are quick!!!!

Well here it is if you are really interested: http://nuclearconst.net/twiki/bin/view/Main/T%fcm_Teskilatimizdaki_%c4%b0%c5%9f%e7i_kardeslerimizin_credit_cards_bad_credit_1Mayis_%c4%b0%c5%9f%e7i_Bayram%c4%b1_Kutlu_Olsun

You can see the stupid topic namethat was added from someone in Canada or whatever. I'll work on what you suggest but I am going out of town on business tomorrow morning for a week.

Thanks for the prompt response. I'll let you know what happens.

-- DavidSteininger - 2012-06-04

Ah, WikiSpam is a common issue on public TWikis. See that topic for countermeasures.

I put that spammer's website on the shared spam list, e.g. if you install the BlackListPlugin they won't be able to bother you again.

If you can't delete that topic, login on the shell, change to the twiki/data/Main directory and delete that file: rm *credit_cards*

-- PeterThoeny - 2012-06-04

If feasible, consider locking down registrations, and let admins register new users.

-- PeterThoeny - 2012-06-04

David, you are local: FYI, we are organizing TWiki User Meetups in the Silicon Valley. Please join us next time - subscribe to the low volume [twiki-users-sfbay] mailing list, TWikiMeetUpInSiliconValley.

-- PeterThoeny - 2012-06-04

Peter,

I cleaned everything up. It also appears I misunderstood the security option in configure when I first set up the site. I have corrected it. So far it looks secure.

I will attend the next meeting in the Valley now that I have some useful TWiki knowledge and and operating TWiki site..

Thanks for the help

-- DavidSteininger - 2012-06-13

Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!

-- PeterThoeny - 2012-07-01

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title I have been Hacked
SupportCategory CategoryDeployment
TWiki version 5.1.1
Server OS Redhat 5.0
Web server Apache
Perl version Pearl 5
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2012-07-01 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.