On Fri, 2014-09-26 at 16:05 -0700, John R Pierce wrote: > no. mod_cgi launches /bin/sh and passes it the command, even if the > file doesn't exist. and /bin/sh is linked to bash Don't use cgi. Have no /cgi directory. Don't load mod_cgi Bash is patched (updated to new version). Automatically bloke IPs of anyone trying to hack Apache. Am I safe ? Paul. England, EU. Learning until I die or experience dementia.