[mapserver-users] Server hacked via cgi-bin - Mapserver, PHP, …? How to better protect the machine now?

Lime, Steve D (MNIT) Steve.Lime at state.mn.us
Mon Dec 9 06:29:20 PST 2013


Hi Stefan: We have fixed a few security issues over time and, like any software, there are most certainly existing defects. That said, I am unaware of any real-world exploit of the mapserv binary. Doesn't mean it hasn't happened, just that nothing has been communicated to the development team.

Steve

________________________________________
From: mapserver-users-bounces at lists.osgeo.org [mapserver-users-bounces at lists.osgeo.org] on behalf of Stefan Schwarzer [stefan.schwarzer at unep.org]
Sent: Monday, December 09, 2013 4:59 AM
To: mapserver-users at lists.osgeo.org
Subject: [mapserver-users] Server hacked via cgi-bin - Mapserver, PHP, …? How to better protect the machine now?

Hi there,

Our server, on which we have an application with mapserver running, has been hacked two times within the last month. Each time (it seems), they succeeded in injecting a perl script through /cgi-bin/.

Now, we are not yet 100% sure how they came in… But it seems they came in via PHP in /cgi-bin/. But we're not 100% sure. If that is the case, could we delete the PHP in /cgi-bin? Are there any reports of /cgi-bin/mapserv being hacked?

Thanks for any hints,

Stefan

_______________________________________________
mapserver-users mailing list
mapserver-users at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users



