I am experinencing a tsunami of hacks after which phishing software is posted on my server by this exploit http://security.stackexchange.com/questions/46566/protect-against-post-cgi-bin-php-attacks on my installation following this tutorial : http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3 anybody can tell me wether the hack is fixed by the solution in stackexchange or any other instances on vhosts ca also have cgi execute PHP ?
First of all, this is a php vulnerability and its not related to the use of ispconfig. The vhosts by ispconfig use php-fcgi by default, so they were never affected. The vulnerability affects only old php versions and has been fixed last year august (if I remember correctly) by the php developers. If you have the current php updates installed on your server, then you should not be affected by this at all as the current php in wheezy is not vulnerable. The workaround to disable php cgi is working, it has been published here already last year.
thank you , stuff is outside my day-to-day knowledge so sorry of I said something out of the ordinary, very glad this is solving the hack, all is up to date, just this afternoon another hack attempt was registered and it failed
