I'm running Swish-e 2.4.3 from Debian Sarge, and I installed the Perl
CGI script to get a quick search engine up on my website. I was very
happy with it so I stuck with the CGI. I know nothing about Perl, but I
managed to hack the template file to output something that matches my site.
A few days ago I nearly had a heart attack when I saw what looked like a
script kiddie running arbitrary code in my apache error log. Thankfully
it appears that their script failed to do any damage, although only by
chance. I'm not 100% certain, but looks to me like they exploited the
Swish-e CGI somehow. Is it still actively used, has anyone else had a
problem with the security?
I know nothing about Perl, but I know a lot about PHP so I'd feel a lot
more comfortable running something PHP based. I've cobbled something
together using the moderately ancient Simple Web Search PHP3 script that
I found here http://webaugur.com/wares/sws.html
.. is there something more recent for PHP... something that perhaps
supports search term highlighting?
Thanks for your help!
Received on Thu May 18 01:52:08 2006