Hi,
MediaWiki 1.25.1 PHP 5.3.24 MySQL Software version: 5.5.35-33.0 - Percona Server (GPL), Release rel33.0, Revision 611
Please redirect me to the appropriate place to find out about this if this is not that place!
I have several entries in the server error log like this:
[Mon Jul 06 22:15:08 2015] [error] [client 32.210.12.43] File does not exist: /home/xxx.org/html/wiki/skins/common, referer: http://xxx.org/wiki/load.php?debug=false&lang=en&modules=mediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.sectionAnchor%7Cmediawiki.skinning.content.externallinks%7Cmediawiki.skinning.interface%7Cmediawiki.ui.button%7Cskins.monobook.styles&only=styles&skin=monobook&*
and also:
[Sun Jul 12 21:46:48 2015] [error] [client 32.210.12.43] ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 15 at TX:sql_injection_score. [file "/etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf"] [line "51"] [id "4049002"] [msg "SQL Injection Detected (score 28): IE XSS Filters - Attack Detected."] [hostname "xxx.org"] [uri "/wiki/index.php"] [unique_id "VaMYiMDwsHkAAF6jhHEAAAA0"]
Obviously, someone/something at this server IP address is up to no good. I password protected our wiki for now using .htaccess (it's only for internal use, anyway).
Where can I find out more about this exploit(s) and what to do about it?
Thanks, mitzzzz