Over the past few days, an eight year old issue in php has been discovered; basically a specific configuration can result in anyone on the internet being able to execute code on your site. There is no fix at this time but there is a workaround. This only affects sites running PHP as a cgi script so most sites will not be vulnerable, but any site that has required a custom version of php be installed, such as to run Wordpress or even certain third party Miva Merchant modules that have php components, will be vulnerable to this and must be checked and protected asap.
First, here is what to look for to see if you would be potentially vulnerable to this attack; make an FTP connection to your site and look in the /cgi-bin directory for any files that start with php, such as php5, php-cgi, php.ini, etc. If you do not have them, you are not vulnerable.
If you do have them, because there is no fix from the php authors yet (it's potentially scheduled for release tomorrow), you need to implement the following code in your site's .htaccess file in the /httpdocs directory as a workaround:
Please do not wait for the official fix, this vulnerability is being actively exploited via automated processes running on hacked sites; thousands of sites are being compromised by the minute.
If you are not familiar with .htaccess files, how to modify them, how to create them if you do not have one or don't feel comfortable modifying the one on your site since a mistake can cause the site to not work, please open a ticket with us if you are hosted with us and we'll make the addition for you; just reference this thread.
First, here is what to look for to see if you would be potentially vulnerable to this attack; make an FTP connection to your site and look in the /cgi-bin directory for any files that start with php, such as php5, php-cgi, php.ini, etc. If you do not have them, you are not vulnerable.
If you do have them, because there is no fix from the php authors yet (it's potentially scheduled for release tomorrow), you need to implement the following code in your site's .htaccess file in the /httpdocs directory as a workaround:
Code:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\- [NC]
RewriteRule .? - [F,L]
#
If you are not familiar with .htaccess files, how to modify them, how to create them if you do not have one or don't feel comfortable modifying the one on your site since a mistake can cause the site to not work, please open a ticket with us if you are hosted with us and we'll make the addition for you; just reference this thread.
Comment