PmWiki /
AnalyzeResultsThis page contains the instructions and possible responses from using the Site Analyzer. Instructions for site administrators
Checking the "Allow pmwiki.org to save a copy of analysis results" box will save a copy of the analyzer results in a private (web inaccessible) section of the pmwiki.org server. Having copies of results from many systems will help us to improve the analyzer and future configuration and security options for the PmWiki distribution. Obtain site configuration ... no connection The analyzer was unable to connect to the site. This may be because the url was entered incorrectly, the site is behind a firewall, or is otherwise inaccessible to the pmwiki.org server. Obtain site configuration ... missing analyzer The analyzer was able to reach the site, but the site did not respond to the include_once("$FarmD/cookbook/analyze.php"); $AnalyzeKey = 'secret'; Obtain site configuration ... no key The analyzer was able to contact the site, but the site does not appear to have an $AnalyzeKey set. Obtain site configuration ... invalid key The analyzer reached the Obtain site configuration ... update A newer version of the analyze.php script is available -- you may wish to download it and re-run the analysis. $FarmD register_globals vulnerability ... ok Your site does not appear to have the $FarmD register globals vulnerability. $FarmD register_globals vulnerability ... vulnerable Your site appears to be vulnerable to the $FarmD register globals vulnerability. This vulnerability is being actively exploited in the wild, so you should do one of the following at the earliest opportunity:
All of the cookbook recipes active at this url appear to be up-to-date. Here's a list: (:recipetable:) There appear to be some new versions of cookbook scripts* available. Here's a list: (:recipetable:)
* Note: Not all scripts reported here are necessarily installed. This list includes all PHP scripts in the cookbook directory, regardless of whether they are included via config.php or not. (PmWiki reports on all scripts in the cookbook directory because they may be conditionally included in certain configurations.) Your site does not appear to have the AuthUser vulnerability. AuthUser vulnerability ... upgrade Your site does not have the AuthUser vulnerability at the moment. You are, however, strongly encouraged to upgrade to PmWiki version 2.2.2 or later, as some future configuration of your hosting server might put you at risk. AuthUser vulnerability ... probably vulnerable Your site may be vulnerable to AuthUser vulnerability, if it relies on the core module AuthUser for User:Password authentication. This vulnerability may be actively exploited in the wild, so you should do one of the following at the earliest opportunity:
Your site is running with $EnableDiag set to 1, and others are able to perform You may want to change local/config.php to have $EnableDiag=0 (PmWiki's default). A useful alternative to setting $EnableDiag in local/config.php is to set it in a per page customization, so that ?action=diag is enabled only on a single page instead of the entire site. To provide additional security use if (CondAuth($pagename, 'edit')) $EnableDiag = 1;
$ScriptUrl setting ... relative Your site has the $ScriptUrl variable set to a relative url -- i.e., without a leading http:// or https:// prefix. While this may appear to work in many situations, some web standards (e.g., web feeds and HTTP redirects) require the use of a fully-qualified (absolute) url. You may want to update your setting of $ScriptUrl to use an absolute url instead of a relative one. If you want PmWiki to use relative urls for its internal page links, try the $EnableLinkPageRelative setting. This page may have a more recent version on pmwiki.org: PmWiki:AnalyzeResults, and a talk page: PmWiki:AnalyzeResults-Talk. |