Re: [bitfolk] IMPORTANT: You need to renumber the IP address…

Author: Andy Bennett
Date:  
Subject: Re: [bitfolk] IMPORTANT: You need to renumber the IP address(es) of your BitFolk VPS
Date: Wed, 9 May 2012 17:26:35 +0100
From: Adam Spiers <bitfolk@???>
To: users@???
Subject: Re: [bitfolk] PHP-CGI exploit probes seen - please make sure your
 VPS is secured against this



I see a couple of scans in my logs from a few days ago. Am I right in
thinking the only Debian fix available is in sid?

On May 9, 2012 3:22 PM, "Andy Smith" <andy@???> wrote:

> Hi,
>
> As you may be aware, a major security problem was recently found in PHP when
> run in CGI mode. A customer has recently had their VPS compromised
> and has discovered probes for this vulnerability as described here:
>
>
> http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
>
> So, if you are running PHP in CGI mode you absolutely must secure it
> against this.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>