Can't login into the Wiki

Forum for discussion about the documentation project.
Post Reply
DOS386
Posts: 798
Joined: Jul 02, 2005 20:55

Can't login into the Wiki

Post by DOS386 »

anyone else has problems? The login page displays garbage

http://www.freebasic.net/wiki/wikka.php ... erSettings

it won't even let my type any name or pwd ...
fxm
Moderator
Posts: 12081
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Re: Can't login into the Wiki

Post by fxm »

DOS386 wrote:anyone else has problems? The login page displays garbage

http://www.freebasic.net/wiki/wikka.php ... erSettings

it won't even let my type any name or pwd ...
Yes, IMHO it is since the recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
counting_pine
Site Admin
Posts: 6323
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Post by counting_pine »

Trying to call up the old UserSettings page from history doesn't seem to work either.

I don't know much PHP but I speculate that it's an attempt to make the server run some PHP, and/or it's trying to steal passwords. It probably wouldn't hurt to change your password if you've tried logging in recently.

At the bottom of the code seems to be an iframe pointing to what Firefox calls a "reported attack page".
fxm
Moderator
Posts: 12081
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Post by fxm »

counting_pine wrote:It probably wouldn't hurt to change your password if you've tried logging in recently.
- But how change my password when the wiki login page displays garbage?
(If I call 'Page History', I find at the button of the big page two duplicated login-fields (one in deletions section and other in oldest version section), but obviously the login attempt fails for both login-fields.)
It seems that the login-fields have been deleted!
Besides, I do not understand your proposal.

- Same behavior with Windows explorer which does not know any login-name and password!
(I use it very very rarely, because it is very old!)

- My last successful login:
Sat, 22 Oct 2011:
(15:10 CDT) [history] - KeyPgCondCreate ⇒ FxMwikki [Suppression of the link to KeyPgCondCreate itself]

- Is there been an update of the server?

- And what about this recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
with the login-fields deletion.
badidea
Posts: 2586
Joined: May 24, 2007 22:10
Location: The Netherlands

Post by badidea »

Seems hacked with the use of some C99Shell script:

http://www.securelist.com/en/descriptions/old188613

Things like:
array("find all .htpasswd files", "find / -type f -name .htpasswd")
array("show opened ports", "netstat -an | grep -i listen")

should not be there. so does:

"Killing process #".$kill."... ok. he is dead, amen."
counting_pine
Site Admin
Posts: 6323
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Post by counting_pine »

fxm wrote:- But how change my password when the wiki login page displays garbage?
Good question.

YMMV, but I think in my case I have an account that is shared between the forum and the wiki, so changing one should change the other.

Otherwise, I would recommend changing it as soon as the old login is restored.
fxm
Moderator
Posts: 12081
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Post by fxm »

counting_pine wrote:
fxm wrote:- But how change my password when the wiki login page displays garbage?
Good question.

YMMV, but I think in my case I have an account that is shared between the forum and the wiki, so changing one should change the other.

Otherwise, I would recommend changing it as soon as the old login is restored.
But why change our password?
See below my previous remark:
fxm wrote:- Same behavior with Windows explorer which does not know any login-name and password!
(I use it very very rarely, because it is very old!)
Under Windows explorer, I think I am considered by wiki as a new user!
counting_pine
Site Admin
Posts: 6323
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Post by counting_pine »

I don't understand your previous remark, sorry. Do you mean Windows or Internet Explorer?
It doesn't matter whether any browser remembers your password. If the hacked page has captured your password when you keyed it, or the hacker has obtained the file where it's hashed, then it's possible that it might be more easily guessable.
fxm
Moderator
Posts: 12081
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Post by fxm »

Yes, excuse me.
Replace 'Windows explorer' by 'Internet explorer'.
Else, I am using 'Firefox'.
fxm
Moderator
Posts: 12081
Joined: Apr 22, 2009 12:46
Location: Paris suburbs, FRANCE

Post by fxm »

My last successful login:
Sat, 22 Oct 2011 (KeyPgCondCreate ⇒ FxMwikki [Suppression of the link to KeyPgCondCreate itself])
My first connection with this garbaged page:
about 30 Oct 2011


And what about this recent change:
Fri, 28 Oct 2011:
(04:49 CDT) [history] - UserSettings ⇒ DrV
with the login-fields deletion.

While the last post from DrV dated Aug 15, 2009:
http://www.freebasic.net/forum/viewtopi ... ht=#124007


Does some hacker has usurped his identity?
DrV
Site Admin
Posts: 2116
Joined: May 27, 2005 18:39
Location: Midwestern USA
Contact:

Post by DrV »

I didn't make the change, so I am not sure what happened. (counting_pine notified me that something was up, which is how I got here now.)

I've changed my account password. Hopefully that will take care of the problem. If not, feel free to email me.
counting_pine
Site Admin
Posts: 6323
Joined: Jul 05, 2005 17:32
Location: Manchester, Lancs

Post by counting_pine »

v1ctor has reset the UserSettings page now, so everything should work again :)
DOS386
Posts: 798
Joined: Jul 02, 2005 20:55

Post by DOS386 »

DrV wrote:I didn't make the change, so I am not sure what happened. (counting_pine notified me that something was up, which is how I got here now.) I've changed my account password. Hopefully that will take care of the problem. If not, feel free to email me.
Heh ... some hacker abused DrV's account :-( ... but now it's fixed :-)
Post Reply