On 14/12/2016 at 07:40, Per Jessen wrote:
aha, I see. So the weakness is clearly in the gallery software.
maybe the software uses some "ftp like" php functions, I dunno. I had vsftp active (and removed it, I don't use it now)
I googled "piwigo vulnerabilities", quite a few interesting hits.
not so bad: https://www.cvedetails.com/product/17862/?q=Piwigo
the piwigo dev that works on it said that he thinks it's an ftp problem.
TBH, that sounds like a lame excuse for "I don't know, but surely it isn't me".
I don't think so, the dev I think of is really smart
ftp is easy to set up so it is safe to use
it's not the reputation it has and any setup would be
separate from piwigo anyway.
in fact I just noticed this piwigo version is the only one I have that is set up in a personal account (user/public_html). The others are unaffected. It's easy to see because the attacker added files on the install that are easy to look at
if this is an ongoing problem, apparmor could probably help you.
dunno how, if the attacker uses "official" disk access methods

thanks
jdd