I point a browser at
"index.php?-s", I get the front page of my blog back (as if I had left the
"?-s" off) and not anything that would scream "VULNERABLE!!!" at me.
Kind regards
Murray Crane
On 9 May 2012 15:22, Andy Smith <andy@???> wrote:
> Hi,
>
> As you may be aware a major security problem was recently found in PHP when
> run in CGI mode. A customer has recently had their VPS compromised
> and has discovered probes for this vulnerability as described here:
>
>
> http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
>
> So, if you are running PHP in CGI mode you absolutely must secure it
> against this.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
> SzgAoLYM0CtNXYLTURWslRykWONBlgxv
> =SrFn
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> announce mailing list
> announce@???
> https://lists.bitfolk.com/mailman/listinfo/announce
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
>
--f46d0444ede115ce5a04bf9bb6c6
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Help sought...<div><br></div><div>I'm running latest WP on Ubuntu LTS (=
10.04) using PHP5-CGI and lighttpd. I know full well that my PHP5 will be v=
ulnerable (v5.3.2, damn you Ubuntu; CATCH UP FOR F**KS SAKE!!!), but I don&=
#39;t know how to go about securing it in lighty (if I even need to). I do =
know that if I point a browser at "index.php?-s", I get the front=
page of my blog back (as if I had left the "?-s" off) and not an=
ything that would scream "VULNERABLE!!!" at me.</div>
<div><br></div><div><div>Kind regards<br><br>Murray Crane<br><br>
<br><br><div class=3D"gmail_quote">On 9 May 2012 15:22, Andy Smith <span di=
r=3D"ltr"><<a href=3D"
mailto:andy@bitfolk.com" target=3D"_blank">andy@bi=
tfolk.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
As you may be aware a major security problem was recently found in PHP when=
<br>
run in CGI mode. A customer has recently had their VPS compromised<br>
and has discovered probes for this vulnerability as described here:<br>
<br>
=A0 =A0<a href=3D"
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exp=
loited-in-the-w
