[mapserver-users] Server hacked via cgi-bin - Mapserver, PHP, …? How to better protect the machine now?

Scott public at postholer.com
Mon Dec 9 15:13:43 PST 2013


If I understand you correctly, you have the php executable in cgi-bin? 
That is a major no-no. You should never do that, be it the php binary 
or the perl binary, as an attacker can pass command line parameters 
directly to the executable, bypassing your configuration file.

Only scripts like *.pl or *.php, which call the binary on the first line, 
i.e., #!/usr/bin/php -q, should be placed in the cgi-bin directory.

As far as mapserv in cgi-bin, I don't know enough about it. Personally, 
I would never put *any* executable in cgi-bin, including mapserv.

Scott


On 12/09/13 02:59, Stefan Schwarzer wrote:
> Hi there,
>
> our server on which we have an application with mapserver running has been hacked two times within the last month. Each time (it seems), they succeeded in injecting a perl script through /cgi-bin/.
>
> Now, we're not yet 100% sure how they came in… But it seems they came in via PHP in /cgi-bin/. But we're not 100% sure. If that were the case, could we delete the PHP in /cgi-bin? Are there any reports on /cgi-bin/mapserv being hacked?
>
> Thanks for any hints,
>
> Stefan
>


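A defensive check for the point Scott makes above: an added audit script, not code from this thread or from MapServer. It walks a cgi-bin directory, flags interpreter binaries (php, perl, ...) and any other compiled executable without a "#!" line, and builds a constructed sample directory (hypothetical file names) to run against.

```shell
#!/bin/sh
# Added example (not from the thread): audit a cgi-bin directory. An interpreter
# binary reachable as a CGI program can be driven by request-supplied arguments,
# bypassing php.ini and the web server's own restrictions, so it is reported
# first. Any other executable with no shebang is reported for review; scripts
# that start with "#!" pass silently.
audit_cgi_bin() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in
            php|php-cgi|php[0-9]*|perl|perl[0-9]*|python|python[0-9]*|sh|bash|dash)
                echo "INTERPRETER: $f (remove; keep only #! scripts in cgi-bin)"
                continue ;;
        esac
        [ -x "$f" ] || continue
        if [ "$(head -c 2 "$f")" != "#!" ]; then
            echo "BINARY: $f (compiled executable; confirm it must be web-reachable)"
        fi
    done
}

# Constructed sample cgi-bin in a temp dir (hypothetical layout); prints its path.
make_sample_cgi_bin() {
    d=$(mktemp -d)
    printf '\177ELF' > "$d/php"                         # interpreter copied into cgi-bin
    printf '\177ELF' > "$d/mapserv"                     # compiled CGI program, no shebang
    printf '#!/usr/bin/perl\nprint "ok";\n' > "$d/hello.pl"
    printf '#!/usr/bin/php -q\n<?php echo "ok";\n' > "$d/index.php"
    chmod 755 "$d"/*
    echo "$d"
}

sample=$(make_sample_cgi_bin)
audit_cgi_bin "$sample"   # prints one INTERPRETER line (php) and one BINARY line (mapserv)
rm -rf "$sample"
```

Run it against the real directory with `audit_cgi_bin /usr/lib/cgi-bin` (or wherever ScriptAlias points); an empty result means only shebang scripts are present.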