27 Sep
2014
27 Sep
'14
1:32 a.m.
On Fri, 2014-09-26 at 16:05 -0700, John R Pierce wrote:
no. mod_cgi launches /bin/sh and passes it the command, even if the file doesn't exist. and /bin/sh is linked to bash
Don't use cgi. Have no /cgi directory. Don't load mod_cgi
Bash is patched (updated to new version). Automatically bloke IPs of anyone trying to hack Apache. Am I safe ?
Paul. England, EU.
Learning until I die or experience dementia.