vulnerability ISPconfig Wheezy

Discussion in 'Technical' started by IzFazt, Jul 1, 2014.

  1. IzFazt

    IzFazt Member HowtoForge Supporter

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    First of all, this is a php vulnerability and its not related to the use of ispconfig. The vhosts by ispconfig use php-fcgi by default, so they were never affected. The vulnerability affects only old php versions and has been fixed last year august (if I remember correctly) by the php developers. If you have the current php updates installed on your server, then you should not be affected by this at all as the current php in wheezy is not vulnerable.

    The workaround to disable php cgi is working, it has been published here already last year.
  3. IzFazt

    IzFazt Member HowtoForge Supporter

    thank you , stuff is outside my day-to-day knowledge so sorry of I said something out of the ordinary, very glad this is solving the hack, all is up to date, just this afternoon another hack attempt was registered and it failed

Share This Page