Skip to main content.
home | support | download

Back to List Archive

Swish-e CGI script security?

From: David Brooks <daveb(at)not-real.sucs.org>
Date: Thu May 18 2006 - 08:51:58 GMT
Hi everyone,

I'm running Swish-e 2.4.3 from Debian Sarge, and I installed the Perl 
CGI script to get a quick search engine up on my website. I was very 
happy with it so I stuck with the CGI. I know nothing about Perl, but I 
managed to hack the template file to output something that matches my site.

A few days ago I nearly had a heart attack when I saw what looked like a 
script kiddie running arbitrary code in my apache error log. Thankfully 
it appears that their script failed to do any damage, although only by 
chance. I'm not 100% certain, but looks to me like they exploited the 
Swish-e CGI somehow. Is it still actively used, has anyone else had a 
problem with the security?

I know nothing about Perl, but I know a lot about PHP so I'd feel a lot 
more comfortable running something PHP based. I've cobbled something 
together using the moderately ancient Simple Web Search PHP3 script that 
I found here http://webaugur.com/wares/sws.html
.. is there something more recent for PHP... something that perhaps 
supports search term highlighting?


Thanks for your help!

DaveB
Received on Thu May 18 01:52:08 2006