I know a security review was done on MS4W about a year ago, and several important changes were made to improve security in terms of PHP misuse. (servers running MS4W older than version 3.0.5, 2012-05-25, are vulnerable)
-jeff -- Jeff McKenna MapServer Consulting and Training Services http://www.gatewaygeomatics.com/ On 2013-12-09 6:59 AM, Stefan Schwarzer wrote: > Hi there, > > our server on which we have an application with mapserver running has been > hacked two times within the last month. Each time (it seems), they succeeded > to inject a perl script through /cgi-bin/. > > Now, not yet 100% how they came in… But it seems they came in via PHP in > /cgi-bin/. But we're not 100% sure. If it would be the case, we could delete > the PHP in /cgi-bin? Are there any reports on /cgi-bin/mapserv being hacked? > > Thanks for any hints, > > Stefan _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
