Thread:Project:Support desk/Suddenly no acces anymore/reply

Hi!

Just to make sure: What you describe is a server error 403, not a MediaWiki error message (with the meaning: "You are not allowed to edit this page"), right?

It would be interesting to know, in how far this issue is reproducable: Does it always happen with the same page(s)? For all users or only for some? ...

What I can say however is that your MediaWiki version is outdated and does have known and unfixed security holes. Possible that these are somehow exploited. If you want to make sure this is not the case, you can (should?) do an upgrade to the newest version of the 1.19 branch. However, if you fear that you already have malicious code on the server, an upgrade might not fix that. Common places for malicious stuff are:


 * the central index.php file
 * somewhere (read as anywhere!) in the folder extensions/
 * somewhere in the folder images/

You should search for recently changed files in these folders. Compare the central index.php file with the one from the tarball. In the folder images/, every php file is suspicious. Maybe your .htaccess file has been changed in order to map other file extensions to the PHP interpreter; this then makes all files with these extensions suspicious as well...