Does WordFence protect against the recent PHP-CGI Vulnerability?
Personally I usually run WP w/ FastCGI which is unaffected by this, but wondering regardless as I’m sure I have at least one site out there without FastCGI turned on.
|
Hi Jon,
Older versions of Wordfence do give you a level of protection against CVE-2012-1823 and its predecessor. However, we have just released 2.0.1, which includes specific detection of the attack vectors that we’re seeing.
This vulnerability is still not fixed and the PHP group is working as fast as they can to fix it. There are a few things folks have suggested, like htaccess rules to filter out URLs that contain dashes, but these tend to break many WordPress sites.
So right now we’re detecting any attack shells that are uploaded using this vulnerability and we will alert you and give you the ability to clean them. We also do our usual checks that will catch a lot of other malicious activity that this vulnerability may allow, like linking to URLs on the Google Safe Browsing list, uploading known malware, and so on.
Upgrade to 2.0.1 now for improved PHP-CGI protection.
Mark.
|
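The reply above notes that htaccess rules filtering out any URL with a dash break many WordPress sites. As an added example (not from the thread and not Wordfence's code), this sketch runs constructed access-log lines through such a broad filter and through a narrower check, which assumes the condition relevant to CVE-2012-1823 is a query string with no `=` that contains a literal or percent-encoded dash; all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed access-log lines (combined log format), not taken from the thread.
SAMPLE_LOG = """\
203.0.113.5 - - [05/May/2012:10:00:01 +0000] "GET /2012/05/php-cgi-security-update/ HTTP/1.1" 200 5120
203.0.113.5 - - [05/May/2012:10:00:02 +0000] "GET /?s=anti-virus HTTP/1.1" 200 4312
203.0.113.5 - - [05/May/2012:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=my-plugin HTTP/1.1" 200 64
198.51.100.9 - - [05/May/2012:10:00:04 +0000] "GET /index.php?-placeholder+switch HTTP/1.1" 200 900
198.51.100.9 - - [05/May/2012:10:00:05 +0000] "POST /index.php?%2Dplaceholder HTTP/1.1" 200 17
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
DASH_RE = re.compile(r"-|%2d", re.IGNORECASE)  # literal or percent-encoded dash


def request_target(line):
    """Return the request target (path plus query) from one log line, or None."""
    match = REQUEST_RE.search(line)
    return match.group("target") if match else None


def broad_dash_filter(target):
    """The over-broad rule from the thread: flag any URL that contains a dash."""
    return bool(DASH_RE.search(target))


def narrow_cgi_arg_check(target):
    """Assumed narrower rule: query string has no '=' and contains a dash."""
    query = urlsplit(target).query  # urlsplit leaves percent-encoding intact
    return bool(query) and "=" not in query and bool(DASH_RE.search(query))


def classify(log_text):
    """Return (target, broad_hit, narrow_hit) for every parseable log line."""
    rows = []
    for line in log_text.splitlines():
        target = request_target(line)
        if target is not None:
            rows.append((target, broad_dash_filter(target), narrow_cgi_arg_check(target)))
    return rows


if __name__ == "__main__":
    for target, broad, narrow in classify(SAMPLE_LOG):
        print(f"{target:45} broad={broad!s:5} narrow={narrow}")
```

The broad rule flags ordinary permalinks, searches and admin-ajax calls, while the narrow check flags only the two requests whose query string carries no `=`.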
Thanks Mark! It’s awesome that you guys can respond to stuff like this so quickly.
|
No problem. We’re trying to find the most effective way to mitigate this attack, so very much appreciate your feedback.
|