php code injection over cgi-bin
Hi,
We are facing attack throught code injection on cgi-bin...
We have default ISPConfig configuration done with tutorial on howtoforge.
The workaround is to remove from apache config.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Filip