I just had a site vandalized via a new method I hadn't seen before, and the hosting service was incredulous of.
The entire site's group ownership (this being a UNIX system) was changed to "igsvirt". Then all of the wiki.d files (which are group writable) were overwritten with identical HTML code. Of course PmWiki didn't display the HTML, so the site now appears to be a blank template. It may be relevant that the HTML contains links to a domain name registered in Turkey, and the volunteer who had been working on the site has an ex-husband in Turkey, and it's possible that the password on the account hasn't been changed since the breakup. She doesn't have the FTP password (not being the account owner), but he might for all I know. I'll check into that. But if he has the password, then why bother to change the group ownership, and only change the files that are group writable? Is it conceivable that another user on the same system (this being a shared host) could have used the chgrp command to gain access to the files? Or is chgrp pretty well locked down? Ideas welcome. Thanks! --Ben S _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users