Hi Everyone, I'm seeing some funny business in our log files.
[Thu Apr 08 10:52:20.225624 2021] [php7:notice] [pid 1823] [client 71.179.5.32:29418] PHP Notice: Unknown: file created in the system's temporary directory in Unknown on line 0, referer: https://www.cryptopp.com/w/index.php?title=Linux&action=edit We override the upload directory for Apache, so nothing should be written to the system's temporary directory: # grep -IR 'temp_dir' /etc /etc/php/7.4/cli/php.ini:; Defaults to the system default (see sys_get_temp_dir) /etc/php/7.4/cli/php.ini:;sys_temp_dir = "/tmp" /etc/php/7.4/apache2/php.ini:; Defaults to the system default (see sys_get_temp_dir) /etc/php/7.4/apache2/php.ini:sys_temp_dir = "/var/lib/php/tmp" And: # ls -Al /var/lib/php drwxr-xr-x 3 www-data www-data 4096 Mar 31 17:04 modules drwx-wx-wt 2 www-data www-data 4096 Mar 27 2020 sessions drwxr-xr-x 2 www-data www-data 4096 Apr 8 11:37 tmp And: # grep base /etc/php/7.4/apache2/conf.d/99-security.ini open_basedir="/var/www/html/:/var/lib/php/" We are not sure what is going on. I guess we missed a setting somewhere. How is the attacker creating files on the system given they are not logged in? Thanks in advance. _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
