9 May
2012
9 May
'12
2:56 p.m.
Help sought...
I'm running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lighttpd. I
know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu;
CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing it
in lighty (if I even need to). I do know that if I point a browser at
"index.php?-s", I get the front page of my blog back (as if I had left the
"?-s" off) and not anything that would scream "VULNERABLE!!!" at me.
Kind regards
Murray Crane
On 9 May 2012 15:22, Andy Smith <andy(a)bitfolk.com> wrote:
Hi,
As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.…
So, if you are running PHP in CGI mode you absolutely must secure it
against this.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
SzgAoLYM0CtNXYLTURWslRykWONBlgxv
=SrFn
-----END PGP SIGNATURE-----
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users