[mapserver-users] Server hacked via cgi-bin - Mapserver, PHP, …? How to better protect the machine now?
Jeff McKenna
jmckenna at gatewaygeomatics.com
Mon Dec 9 05:25:47 PST 2013
I know a security review was done on MS4W about a year ago, and several
important changes were made to improve security in terms of PHP misuse.
(servers running MS4W older than version 3.0.5, 2012-05-25, are vulnerable)
-jeff
--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/
On 2013-12-09 6:59 AM, Stefan Schwarzer wrote:
> Hi there,
>
> our server on which we have an application with mapserver running has been hacked two times within the last month. Each time (it seems), they succeeded to inject a perl script through /cgi-bin/.
>
> Now, not yet 100% how they came in… But it seems they came in via PHP in /cgi-bin/. But we're not 100% sure. If it would be the case, we could delete the PHP in /cgi-bin? Are there any reports on /cgi-bin/mapserv being hacked?
>
> Thanks for any hints,
>
> Stefan
More information about the MapServer-users
mailing list