Re: [bitfolk] T-DOSE

Author: Andy Smith
Date:  
Subject: Re: [bitfolk] T-DOSE
Subject: [bitfolk] PHP-CGI exploit probes seen - please make sure your VPS is secured against this
X-List-Received-Date: Wed, 09 May 2012 14:22:42 -0000



Hi,

As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:

    http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html


So, if you are running PHP in CGI mode you absolutely must secure it
against this.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting




From murray.crane@??? Wed May 09 14:56:50 2012