w.dnswl.org/, low * trust
* [74.125.82.52 listed in list.dnswl.org]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
X-SA-Exim-Version: 4.2.1 (built Mon, 22 Mar 2010 06:51:10 +0000)
X-SA-Exim-Scanned: Yes (on mail.bitfolk.com)
Subject: Re: [bitfolk] PHP-CGI exploit probes seen - please make sure your
VPS is secured against this
X-BeenThere: users@???
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/options/users>,
<mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
<mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 16:26:43 -0000
--e89a8f646d158d49fb04bf9cf742
Content-Type: text/plain; charset=ISO-8859-1
I see a couple of scans in my logs from a few days ago. Am I right in
thinking the only Debian fix available is in sid?
On May 9, 2012 3:22 PM, "Andy Smith" <andy@???> wrote:
> Hi,
>
> As you may be aware a major security problem was recently found in PHP when
> run in CGI mode. A customer has recently had their VPS compromised
> and has discovered probes for this vulnerability as described here:
>
>
> http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
>
> So, if you are running PHP in CGI mode you absolutely must secure it
> against this.
>
> Cheers,
> Andy
>
> --
> http://bitfolk.com/ -- No-nonsense VPS hosting
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
> SzgAoLYM0CtNXYLTURWslRykWONBlgxv
> =SrFn
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> announce mailing list
> announce@???
> https://lists.bitfolk.com/mailman/listinfo/announce
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
>
--e89a8f646d158d49fb04bf9cf742
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<p>I see a couple of scans in my logs from a few days ago. Am I right in th=
inking the only Debian fix available is in sid?</p>
<div class=3D"gmail_quote">On May 9, 2012 3:22 PM, "Andy Smith" &=
lt;<a href=3D"
mailto:andy@bitfolk.com">andy@???</a>> wrote:<br t=
ype=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0=
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
As you may be aware a major security problem was recently found in PHP when=
<br>
run in CGI mode. A customer has recently had their VPS compromised<br>
and has discovered probes for this vulnerability as described here:<br>
<br>
=A0 =A0<a href=3D"
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exp=
loited-in-the-wild.html" target=3D"_blank">
http://blog.sucuri.net/2012/05/p=
hp-cgi-vulnerability-exploited-in-the-wild.html</a><br>
<br>
So, if you are running PHP in CGI mode you absolutely must secure it<br>
against this.<br>
<br>
Cheers,<br>
Andy<br>
<br>
--<br>
<a href=3D"
http://bitfolk.com/" target=3D"_blank">
http://bitfolk.com/</a> -=
- No-nonsense VPS hosting<br>
<br>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.10 (GNU/Linux)<br>
<br>
iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1<br>
SzgAoLYM0CtNXYLTURWslRykWONBlgxv<br>
=3DSrFn<br>
-----END PGP SIGNATURE-----<br>
<br>_______________________________________________<br>
announce mailing list<br>
<a href=3D"
mailto:announce@lists.bitfolk.com">announce@???</a=
><br>
<a href=3D"
https://lists.bitfolk.com/mailman/listinfo/announce" target=3D"_=
blank">
https://lists.bitfolk.com/mailman/listinfo/announce</a><br>
<br>_______________________________________________<br>
users mailing list<br>
<a href=3D"
mailto:users@lists.bitfolk.com">users@???</a><br>
<a href=3D"
https://lists.bitfolk.com/mailman/listinfo/users" target=3D"_bla=
nk">
https://lists.bitfolk.com/mailman/listinfo/users</a><br>
<br></blockquote></div>
--e89a8f646d158d49fb04bf9cf742--
From andy@??? Wed May 09 17:08:42 2012
Received: from andy by mail.bitfolk.com with local (Exim 4.72)
(envelope-from <andy@???>) id 1SSANW-0006TH-CH
for users@???; Wed, 09 May 2012 17:08:42 +0000
Date: Wed, 9 May 2012 17:08:42 +0000
From: Andy Smith <andy@???>
To: users@???
Messag
