
[Bug-wget] Wget Wgiki vandalized, POSSIBLE PASSWORD LEAKS


From: Micah Cowan
Subject: [Bug-wget] Wget Wgiki vandalized, POSSIBLE PASSWORD LEAKS
Date: Tue, 7 May 2013 01:20:07 -0700

The Wget Wgiki was brought down by the security vulnerability identified here:
http://moinmo.in/SecurityFixes/CVE-2012-6081

IMPORTANT: Any number of attackers over the last 6 months will have
had access to the hashed password stores. Anyone with
less-than-very-strong passwords may have had their passwords revealed
to any number of people. IF YOU ARE USING THE SAME OR SIMILAR PASSWORD
ELSEWHERE, PLEASE IMMEDIATELY CHANGE THEM AS A PRECAUTION.

While the version of MoinMoin (the wiki software used by the Wgiki)
was good and patched, and did not suffer from the exploit described
there, it would appear that the version I was using 6 months ago, on a
different provider's VPS, did suffer from the vulnerability, and
around that time a shell access kit was installed to the wiki. It is
unknown to what purposes it may have been put since then, and I no
longer have logs from then (or from that server).

Any time between July and now, it would have been possible for people
to execute arbitrary shell code on the server, as the web server's
uid/gid. As of about noon Pacific Time on May 6, someone decided to
run "rm -fr *" using this shell access. Since a wiki needs to be
server-modifiable, all of the Wgiki's contents were deleted. Three
other sites I host on the VPS were similarly impacted; all will be
recoverable. An additional two sites were not modifiable by the
server, and thus escaped harm.

A backup of the website's data exists, as of its state on Apr 19, and
the site will be restored from this data (it is in fact the same data
that was used to migrate the Wgiki to its new location, around that
time). Changes made since then will be lost.

I had recently cleared a large number of spammy users and pages out
from the wiki; I will have to repeat this work, and plan to do so
before restoring the site's functionality, so it may take a little
time.

Given the potential for some password information to have leaked (if
someone was able to fetch and crack the hashes), all preexisting user
accounts will be destroyed; new ones will be required if you wish to
make modifications to the site.

Yours,
Micah Cowan


