
Features / Usability


remove spam: bottom line to /mods/iz.html porn links

posts: 40 Austria

ALL my wiki pages including any "internal" sites (not just the pages i created, but ANY tiki page!) have been "spammed"

there is now a line at the bottom of each page that says:

Created by: admin last modification: Wednesday 25 of October, 2006 20:19:30 by USERNAME

the link leads to page full of porn-links:
...domain-name.../mods/iz.html

unfortunately i have not updated since... 1.9.5.
so i assume this is a well-known exploit. sigh.


would an update remove ALL those links at the bottom of each page at once?
(i better update ASAP - don't even want to imagine what else lurks there...)

or is there another "best practice" to remove ALL those lines / links at once?
though i am not a server expert i have access via phpmyadmin so maybe i could remove them via database?
or is there an even simpler solution (maybe this link is just part of some template?)

are there any other known security risks or holes to my server that got created in the course of this spam-attack?

thank you for any advice!

posts: 4661 Japan

Do you mean the link that leads to the page of porn links is the page author's name (which normally links to his/her user information page)? If so, I think the solution is to delete all such references to that user.

First you might want to temporarily switch the page author information ("List authors:" near the bottom of the Wiki Features section on Admin Wiki page) to "No". This will stop the page author information from being displayed on the page.

There is no way to delete the bogus user's records using the Tiki admin interface. To do this, you have to edit the tiki_history table in your Tiki database using phpMyAdmin. Find all rows in the table where user is the bogus username and delete them.

I'm not sure about other things that might have been done to your site. You should upgrade, anyway, and try to check that there are no additional or suspicious files in any of the Tiki directories.

-- Gary - themes.tw.o


posts: 40 Austria

hi gary,
thanks for your reply.
First of all: I will try an update tomorrow and see if that fixed any of the trouble…

Obviously they leave their file in /mods/iz.html
and I also found a file called tik.php
which I attached for anyone interested in "research"
a few questions though…

> First you might want to temporarily switch the page author information ("List authors:" near the bottom of the Wiki Features section on Admin Wiki page) to "No". This will stop the page author information from being displayed on the page.

Unfortunately I am locked out of exactly THIS page. (although I am admin)
tiki-admin.php >> "You do not have permission to use this feature"
Seems part of the package they left behind.. – at least they fully know your tiki by heart.
in which mysql-table could I reset the permissions to that to the group "admins"?

> try to check that there are no additional or suspicious files in any of the Tiki directories.

I checked and MOST of the directories have permissions set to: drwxrwxr-x
Can I reduce that to less permissions for "others"?
which directories do really need permissions to write or execute?
(to lock out further intruders)

> you have to edit the tiki_history table in your Tiki database using phpMyAdmin. Find all rows in the table where user is the bogus username and delete them.

Unfortunately this bogus user is my "main user" – so it's most of them….
Can I really delete each row in the table "tiki_history" that contains the name of this user (which is basically almost all of them) without doing damage to the running wiki?
Personally I don't care about the history of the pages.
But I am just double-checking.
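
One way to run the file and permission checks discussed in this thread, as an added example that is not part of any post: it lists files that a clean copy of the release does not contain (such as the /mods/iz.html and tik.php mentioned above), files changed after a given time, and directories writable by group or others. The function names are hypothetical, and it assumes a pristine copy of the same Tiki release has been unpacked beside the live tree.

```shell
# Added example, not from the thread. Function names are hypothetical.
# Assumes a pristine copy of the same Tiki release is unpacked next to
# the live tree so the two can be compared.

# Files present in the live tree but absent from the pristine one.
# Uploaded content and caches will be listed too; review each hit.
extra_files() {
    live=$1; clean=$2
    a=$(mktemp) || return 1
    b=$(mktemp) || return 1
    (cd "$live" && find . -type f | LC_ALL=C sort) > "$a"
    (cd "$clean" && find . -type f | LC_ALL=C sort) > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Files modified after STAMP (touch -t format, CCYYMMDDhhmm).
changed_since() {
    dir=$1; stamp=$2
    ref=$(mktemp) || return 1
    touch -t "$stamp" "$ref"
    (cd "$dir" && find . -type f -newer "$ref" | LC_ALL=C sort)
    rm -f "$ref"
}

# Directories writable by group or others, e.g. drwxrwxr-x.
loose_dirs() {
    (cd "$1" && find . -type d \( -perm -0020 -o -perm -0002 \) | LC_ALL=C sort)
}

# Usage (paths are placeholders):
#   extra_files   /path/to/live-tiki /path/to/clean-tiki
#   changed_since /path/to/live-tiki 200610250000
#   loose_dirs    /path/to/live-tiki
```

Modification times can be reset by whoever wrote the files, so treat changed_since as a hint and the comparison against a clean tree as the stronger check.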

