[Pdx-pm] kwiki

Keith Lofstrom keithl at kl-ic.com
Tue Feb 27 12:15:22 PST 2007


On Tue, Feb 27, 2007 at 11:09:22AM -0800, Eric Wilhelm wrote:
> # from Thomas J Keller
> # on Tuesday 27 February 2007 10:56 am:
> 
> >Looks like the kwiki has been hacked.
> 
> Thanks for the heads-up Tom.  Yeah, all our base are belong to ErD :-D  
> Not really hacked though, just spammed.
> 
> FYI, if anyone notices a page being replaced by some spam, all you need 
> to do is go to the previous revision, select edit and then save.
> 
> Meanwhile, anybody want to run a "security audit" against the link he 
> posted?

I got the same hack against two of my five kwiki homepages.  After
a repair (and after changing the archive page so they would not
attract further attentions) I did a "chown root.root" on them to
lock them down.

I imagine "phase two" is selling the changed pages to Wikispammers
or other nefarious villains.  So revision pages that show the mods
will probably be treated as vulnerabilities.  Best to change the
single line in the archive file, too.

I would like to maintain the open nature of my Kwikis; the attacks
to date have only been annoyances.  If they get worse, I would like
to hear about more robust ways to slow them down, while keeping as
much anonymity/openness as possible.

And if anyone wants to find the person responsible, kidnap them, and
bribe the Turkish government to keep them in prison forever, I will
donate money to sweeten the bribe.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs

