SID-01473: I have been Hacked
Status: Answered
TWiki version: 5.1.1
Perl version: Perl 5
Category: CategoryDeployment
Server OS: Redhat 5.0
Last update: 11 years ago
My TWiki Web Site has been hacked. Someone was able to gain access without notification and add a topic. It was a non-WikiWord, just nonsense. You click on the topic and you get paragraphs of nonsense in the legit TWiki window. You click on raw edit, you get a black page. If you go back to the topic and click on "More Topic Actions" and try to delete the topic you get a TWIKI window that says "access denied, you are trying to rename a topic that does not exist." No, I didn't accidentally click rename/move topic. I clicked on delete topic. It appears the hacker was able to do this addition to all revisions also. Do you know how I can get rid of this stuff? I can't believe people spend the time and do this. What do they get out of it???
--
DavidSteininger - 2012-06-04
Discussion and Answer
What is the URL-path of the page? If you can't delete using the browser, delete the page from the shell. For example, this topic would be at /path/to/twiki/data/Support/Support/SID-01473.txt.
--
PeterThoeny - 2012-06-04
Peter, you are quick!!!!
Well here it is if you are really interested:
http://nuclearconst.net/twiki/bin/view/Main/T%fcm_Teskilatimizdaki_%c4%b0%c5%9f%e7i_kardeslerimizin_credit_cards_bad_credit_1Mayis_%c4%b0%c5%9f%e7i_Bayram%c4%b1_Kutlu_Olsun
You can see the stupid topic name that was added from someone in Canada or whatever. I'll work on what you suggest but I am going out of town on business tomorrow morning for a week.
Thanks for the prompt response. I'll let you know what happens.
--
DavidSteininger - 2012-06-04
Ah, WikiSpam is a common issue on public TWikis. See that topic for countermeasures.
I put that spammer's website on the shared spam list, e.g. if you install the BlackListPlugin they won't be able to bother you again.
If you can't delete that topic, log in on the shell, change to the twiki/data/Main directory and delete that file:
rm *credit_cards*
--
PeterThoeny - 2012-06-04
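A more cautious variant of the shell cleanup suggested above, as an added example that is not part of the original thread or TWiki's own code: it moves the matching topic text and its RCS revision history (.txt and .txt,v) into a quarantine directory instead of removing them, and refuses a name fragment that matches more files than expected. The function name, the quarantine directory and the match limit are assumptions.

```shell
# Added example, not TWiki project code. Function name, quarantine directory
# and match limit are assumptions.
# usage: quarantine_topics WEB_DATA_DIR NAME_FRAGMENT QUARANTINE_DIR [MAX_FILES]
quarantine_topics() {
    qt_web=$1; qt_frag=$2; qt_dest=$3; qt_max=${4:-4}
    [ -d "$qt_web" ] || { echo "no such web directory: $qt_web" >&2; return 2; }

    # The fragment is matched literally: reject empty values, path separators
    # and wildcards so the call can never widen to the whole web.
    case $qt_frag in
        ''|*/*|*\**|*\?*|*\[*) echo "unsafe fragment: '$qt_frag'" >&2; return 2 ;;
    esac

    # Pass 1: count topic files (.txt) and their RCS histories (.txt,v) only.
    # Matching an ASCII fragment avoids typing the non-ASCII bytes in the name.
    qt_count=0
    for qt_f in "$qt_web"/*"$qt_frag"*; do
        case $qt_f in
            *.txt|*.txt,v) if [ -f "$qt_f" ]; then qt_count=$((qt_count + 1)); fi ;;
        esac
    done
    if [ "$qt_count" -eq 0 ]; then echo "nothing matched" >&2; return 1; fi
    if [ "$qt_count" -gt "$qt_max" ]; then
        echo "$qt_count files match, limit is $qt_max: fragment too generic" >&2
        return 3
    fi

    # Pass 2: move instead of rm, so the spam text stays available for review.
    mkdir -p "$qt_dest" || return 2
    qt_moved=0
    for qt_f in "$qt_web"/*"$qt_frag"*; do
        case $qt_f in
            *.txt|*.txt,v)
                if [ -f "$qt_f" ] && mv -- "$qt_f" "$qt_dest"/; then
                    echo "quarantined: $qt_f" >&2
                    qt_moved=$((qt_moved + 1))
                fi ;;
        esac
    done
    echo "$qt_moved"
}
```

The function prints the number of files moved on standard output and lists each moved file on standard error; attachments under the pub directory are not touched.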
If feasible, consider locking down registrations, and let admins register new users.
--
PeterThoeny - 2012-06-04
David, you are local: FYI, we are organizing TWiki User Meetups in the Silicon Valley. Please join us next time - subscribe to the low volume [twiki-users-sfbay] mailing list, TWikiMeetUpInSiliconValley.
--
PeterThoeny - 2012-06-04
Peter,
I cleaned everything up. It also appears I misunderstood the security option in configure when I first set up the site. I have corrected it. So far it looks secure.
I will attend the next meeting in the Valley now that I have some useful TWiki knowledge and an operating TWiki site.
Thanks for the help
--
DavidSteininger - 2012-06-13
Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!
--
PeterThoeny - 2012-07-01