Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 1st July 2014, 03:30
IzFazt IzFazt is offline
Junior Member
Join Date: Jul 2009
Posts: 27
Thanks: 2
Thanked 3 Times in 2 Posts
Exclamation vulnerability ISPconfig Wheezy

I am experinencing a tsunami of hacks after which phishing software is posted on my server by this exploit


on my installation following this tutorial :


anybody can tell me wether the hack is fixed by the solution in stackexchange or any other instances on vhosts ca also have cgi execute PHP ?
Reply With Quote
Sponsored Links
Old 1st July 2014, 08:44
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,421
Thanks: 812
Thanked 5,205 Times in 4,081 Posts

First of all, this is a php vulnerability and its not related to the use of ispconfig. The vhosts by ispconfig use php-fcgi by default, so they were never affected. The vulnerability affects only old php versions and has been fixed last year august (if I remember correctly) by the php developers. If you have the current php updates installed on your server, then you should not be affected by this at all as the current php in wheezy is not vulnerable.

The workaround to disable php cgi is working, it has been published here already last year.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following 2 Users Say Thank You to till For This Useful Post:
IzFazt (1st July 2014), Williamsl (12th July 2014)
Old 1st July 2014, 16:45
IzFazt IzFazt is offline
Junior Member
Join Date: Jul 2009
Posts: 27
Thanks: 2
Thanked 3 Times in 2 Posts

thank you , stuff is outside my day-to-day knowledge so sorry of I said something out of the ordinary, very glad this is solving the hack, all is up to date, just this afternoon another hack attempt was registered and it failed
Reply With Quote
The Following User Says Thank You to IzFazt For This Useful Post:
Williamsl (22nd July 2014)


exploit, vulnerability ispconfig, wheezy

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Moving ispconfig fromo ubuntu 13.10 to debian wheezy not working masc Installation/Configuration 0 12th February 2014 20:57
about 150 mysql connection topedge Installation/Configuration 3 24th January 2014 09:14
Problem access ispconfig url wearth General 1 30th May 2013 13:50
around 80 sleeping connections created by ISPConfig bkilinc General 2 1st October 2012 16:12
Control Panel - E-mail Tab is empty domi-nik General 15 14th April 2011 18:17

All times are GMT +2. The time now is 04:36.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.