Can't login into the Wiki

Forum for discussion about the documentation project.
DOS386
Posts: 798
Joined: Jul 02, 2005 20:55

Can't login into the Wiki

Postby DOS386 » Nov 06, 2011 15:29

anyone else has problems? The login page displays garbage

http://www.freebasic.net/wiki/wikka.php ... erSettings

it won't even let my type any name or pwd ...
fxm
Posts: 10228
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: Can't login into the Wiki

Postby fxm » Nov 06, 2011 15:35

DOS386 wrote:anyone else has problems? The login page displays garbage

http://www.freebasic.net/wiki/wikka.php ... erSettings

it won't even let my type any name or pwd ...

Yes, IMHO it is since the recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
counting_pine
Site Admin
Posts: 6245
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Postby counting_pine » Nov 06, 2011 16:11

Trying to call up the old UserSettings page from history doesn't seem to work either.

I don't know much PHP but I speculate that it's an attempt to make the server run some PHP, and/or it's trying to steal passwords. It probably wouldn't hurt to change your password if you've tried logging in recently.

At the bottom of the code seems to be an iframe pointing to what Firefox calls a "reported attack page".
fxm
Posts: 10228
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Postby fxm » Nov 06, 2011 17:26

counting_pine wrote:It probably wouldn't hurt to change your password if you've tried logging in recently.

- But how change my password when the wiki login page displays garbage?
(If I call 'Page History', I find at the button of the big page two duplicated login-fields (one in deletions section and other in oldest version section), but obviously the login attempt fails for both login-fields.)
It seems that the login-fields have been deleted!
Besides, I do not understand your proposal.

- Same behavior with Windows explorer which does not know any login-name and password!
(I use it very very rarely, because it is very old!)

- My last successful login:
Sat, 22 Oct 2011:
(15:10 CDT) [history] - KeyPgCondCreate ⇒ FxMwikki [Suppression of the link to KeyPgCondCreate itself]

- Is there been an update of the server?

- And what about this recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
with the login-fields deletion.
badidea
Posts: 2229
Joined: May 24, 2007 22:10
Location: The Netherlands

Postby badidea » Nov 06, 2011 22:29

Seems hacked with the use of some C99Shell script:

http://www.securelist.com/en/descriptions/old188613

Things like:
array("find all .htpasswd files", "find / -type f -name .htpasswd")
array("show opened ports", "netstat -an | grep -i listen")

should not be there. so does:

"Killing process #".$kill."... ok. he is dead, amen."
counting_pine
Site Admin
Posts: 6245
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Postby counting_pine » Nov 06, 2011 23:19

fxm wrote:- But how change my password when the wiki login page displays garbage?
Good question.

YMMV, but I think in my case I have an account that is shared between the forum and the wiki, so changing one should change the other.

Otherwise, I would recommend changing it as soon as the old login is restored.
fxm
Posts: 10228
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Postby fxm » Nov 06, 2011 23:28

counting_pine wrote:
fxm wrote:- But how change my password when the wiki login page displays garbage?
Good question.

YMMV, but I think in my case I have an account that is shared between the forum and the wiki, so changing one should change the other.

Otherwise, I would recommend changing it as soon as the old login is restored.

But why change our password?
See below my previous remark:
fxm wrote:- Same behavior with Windows explorer which does not know any login-name and password!
(I use it very very rarely, because it is very old!)
Under Windows explorer, I think I am considered by wiki as a new user!
counting_pine
Site Admin
Posts: 6245
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Postby counting_pine » Nov 06, 2011 23:34

I don't understand your previous remark, sorry. Do you mean Windows or Internet Explorer?
It doesn't matter whether any browser remembers your password. If the hacked page has captured your password when you keyed it, or the hacker has obtained the file where it's hashed, then it's possible that it might be more easily guessable.
fxm
Posts: 10228
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Postby fxm » Nov 06, 2011 23:40

Yes, excuse me.
Replace 'Windows explorer' by 'Internet explorer'.
Else, I am using 'Firefox'.
fxm
Posts: 10228
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Postby fxm » Nov 07, 2011 21:26

My last successful login:
Sat, 22 Oct 2011 (KeyPgCondCreate ⇒ FxMwikki [Suppression of the link to KeyPgCondCreate itself])
My first connection with this garbaged page:
about 30 Oct 2011


And what about this recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
with the login-fields deletion.

While the last post from DrV dated Aug 15, 2009:
http://www.freebasic.net/forum/viewtopi ... ht=#124007


Does some hacker has usurped his identity?
DrV
Site Admin
Posts: 2116
Joined: May 27, 2005 18:39
Location: Midwestern USA
Contact:

Postby DrV » Nov 09, 2011 0:26

I didn't make the change, so I am not sure what happened. (counting_pine notified me that something was up, which is how I got here now.)

I've changed my account password. Hopefully that will take care of the problem. If not, feel free to email me.
counting_pine
Site Admin
Posts: 6245
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Postby counting_pine » Nov 09, 2011 14:32

v1ctor has reset the UserSettings page now, so everything should work again :)
DOS386
Posts: 798
Joined: Jul 02, 2005 20:55

Postby DOS386 » Nov 19, 2011 12:52

DrV wrote:I didn't make the change, so I am not sure what happened. (counting_pine notified me that something was up, which is how I got here now.) I've changed my account password. Hopefully that will take care of the problem. If not, feel free to email me.


Heh ... some hacker abused DrV's account :-( ... but now it's fixed :-)

Return to “Documentation”

Who is online

Users browsing this forum: No registered users and 3 guests