Notice on an nginx vulnerability: because of this vulnerability, any web site built on nginx + PHP that allows picture uploads can be compromised by hackers.
As of the morning of 5.21, nginx has not yet released a patch to fix the flaw. Some web sites have already been hacked, so administrators should apply a fix quickly!
According to Netcraft statistics, as of April 2010 a total of 13 million servers were running nginx. By a very conservative estimate, at least 600 million servers run nginx with PHP support enabled, and by a further conservative estimate 1/6 of those, which is 1 million servers, allow users to upload pictures.
Yes, to reiterate: because of the nginx vulnerability, hackers can easily implant a trojan on these 100 million servers by way of a picture upload. The implantation process is very simple: the trojan is disguised as an image and uploaded. Because the harm is very large, the details are not given here.
Here are some of their great achievements: they have found vulnerabilities in software such as IIS, IE, FireFox, Maxthon, Window of the World, PHPWind, DeDeCMS, QQ mail, QuarkMail and EXTMail.
Having introduced 80sec, we also have to introduce another top-level team focused on web security, 80vul. This team is likewise made up of young men of the post-80s generation, and they have discovered a large number of security vulnerabilities in web applications and software such as IE, Gmail, WordPress, PHPWind, DISCUZ, MYBB and so on.
According to the 80sec security bulletin, the temporary fixes are as follows; choose one of the three.
1. Set cgi.fix_pathinfo to 0 in php.ini and restart PHP. This is the most convenient fix, but you need to assess for yourself how changing the setting affects your site.
2. Add the following to nginx’s vhost configuration and restart nginx. Very convenient when there are only a few vhosts.
if ( $fastcgi_script_name ~ \..*\/.*php ) {
    return 403;
}
3. Prohibit the upload directory from executing PHP programs. This does not require touching the web server, but if there are many vhosts and servers the difficulty rises sharply in the short term; recommended when there are few vhosts and servers.
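A small check for fixes 1 and 2 above, added here as an example (it is not from the 80sec bulletin or from nginx): it reads php.ini text for the effective cgi.fix_pathinfo value and shows which $fastcgi_script_name values the vhost rule rejects, including a legitimate path that has a dot in a directory name. The sample paths and php.ini text are constructed, the function names are hypothetical, and Python's re.search stands in for nginx's regex match.

```python
import re

# Pattern from fix 2: if ( $fastcgi_script_name ~ \..*\/.*php ) { return 403; }
# nginx "~" is a case-sensitive, unanchored match; re.search behaves the same way here.
RULE2 = re.compile(r"\..*/.*php")

def rule2_blocks(script_name: str) -> bool:
    """True if fix 2 would answer 403 for this $fastcgi_script_name."""
    return RULE2.search(script_name) is not None

def fix_pathinfo_enabled(php_ini_text: str) -> bool:
    """True if this php.ini leaves cgi.fix_pathinfo on (PHP defaults to 1 when unset)."""
    value = "1"
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        if "=" not in line:
            continue                              # section headers, blank lines
        key, _, val = line.partition("=")
        if key.strip() == "cgi.fix_pathinfo":     # last assignment wins
            value = val.strip().strip("\"'")
    return value.lower() not in ("0", "off", "false", "no", "none", "")

# Constructed sample script names (not taken from any real site).
SAMPLE_NAMES = [
    "/index.php",                 # ordinary script
    "/blog/post.php",             # ordinary script in a subdirectory
    "/uploads/avatar.jpg/x.php",  # file-like segment followed by a .php segment
    "/v1.2/index.php",            # legitimate path with a dot in a directory name
]

# Constructed php.ini where the setting is only present as a comment.
SAMPLE_INI = "[PHP]\n; cgi.fix_pathinfo=0\nupload_max_filesize = 2M\n"

def audit(names):
    """Map each script name to the status fix 2 would produce (403 or pass)."""
    return {n: ("403" if rule2_blocks(n) else "pass") for n in names}

if __name__ == "__main__":
    print("cgi.fix_pathinfo still enabled:", fix_pathinfo_enabled(SAMPLE_INI))
    for name, result in audit(SAMPLE_NAMES).items():
        print(f"{result:5} {name}")
```

The "/v1.2/index.php" result shows the cost of fix 2: any legitimate PHP URL under a directory whose name contains a dot is also rejected, so check your own URL layout before relying on it.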
Heya, I am here for the first time. I came across this board and I find it truly useful & it helped me out much. I’m hoping to provide one thing back and help others like you helped me.
Really useful entry, I was in fact glad to find your blog post on the internet. I just put a web page link upon my personal web log which means my readers could possibly reach your web page. Please consider a look.
Good idea
I like that
Perfect
I can’t understand; please rewrite it for me in basic English.
woavv supper!! I like it
Thank you, I searched for it for about one week