I'm running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lighttpd. I know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu; CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing it in lighty (if I even need to). I do know that if I point a browser at "index.php?-s", I get the front page of my blog back (as if I had left the "?-s" off) and not anything that would scream "VULNERABLE!!!" at me.

Kind regards

Murray Crane

On 9 May 2012 15:22, Andy Smith <andy@bitfolk.com> wrote:

Hi,

As you may be aware a major security problem was recently found in PHP when
run in CGI mode. A customer has recently had their VPS compromised
and has discovered probes for this vulnerability as described here:

http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html

So, if you are running PHP in CGI mode you absolutely must secure it
against this.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEAREDAAYFAk+qfa4ACgkQIJm2TL8VSQuJhQCcDEmoMJkMPV7agl7QQZA9D8O1
SzgAoLYM0CtNXYLTURWslRykWONBlgxv
=SrFn
-----END PGP SIGNATURE-----

_______________________________________________
announce mailing list
announce@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users