On 12/9/2013 5:59 AM, Stefan Schwarzer wrote:
Hi there,
our server on which we have an application with mapserver running has
been hacked two times within the last month. Each time (it seems),
they succeeded to inject a perl script through /cgi-bin/.
Now, not yet 100% how they came in… But it seems they came in via PHP
in /cgi-bin/. But we're not 100% sure. If it would be the case, we
could delete the PHP in /cgi-bin? Are there any reports on
/cgi-bin/mapserv being hacked?
Here is a write up I did on this for a client:
http://imaptools.com/downloads/cgi-bin-php-exploit.pdf
Hope this helps,
-Steve W
_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users
