In an article by Benoit Tessier, we learn that hackers are at it again, using an old vulnerability to attack your web server.
In 2012, researchers discovered a flaw in some PHP builds that would let a remote attacker execute commands on the server if PHP was configured as a CGI script (PHP-CGI). Now, it’s being used again to propagate a botnet and mine for Bitcoins.
Scanning for the flaw was easily automated, and the issue has been linked to various attacks several times over the years. This week, following a spike back in August, researchers at Trustwave noticed an uptick in attacks targeting the PHP-CGI flaw, with the endgame being the installation of BoSSBoTv2.
You might be interested in reading the entire story.