Hi Stefan: We have fixed a few security issues over time and like any software there are most certainly existing defects. That said, I am unaware of any real-world exploit of the mapserv binary. Doesn't mean it hasn't happened, just that nothing has been communicated to the development team.
Steve ________________________________________ From: [email protected] [[email protected]] on behalf of Stefan Schwarzer [[email protected]] Sent: Monday, December 09, 2013 4:59 AM To: [email protected] Subject: [mapserver-users] Server hacked via cgi-bin - Mapserver, PHP, …? How to better protect the machine now? Hi there, our server on which we have an application with mapserver running has been hacked two times within the last month. Each time (it seems), they succeeded to inject a perl script through /cgi-bin/. Now, not yet 100% how they came in… But it seems they came in via PHP in /cgi-bin/. But we're not 100% sure. If it would be the case, we could delete the PHP in /cgi-bin? Are there any reports on /cgi-bin/mapserv being hacked? Thanks for any hints, Stefan _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users _______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
