Help! Nginx Vulnerable Remote file inclusion

escavern nginx-forum at
Sat Dec 3 04:48:01 UTC 2011

I really need help here :(

my forum got hacked 3 times, and i detected the hacker use RFI(Remote
file inclusion) after i found an avatar image contain Phpshell code
inside it. and the weird thing is when i tried to use RFI on Apache it
will not run the phpshell,

You can see here:        <------------ using
NGINX and phpshell executed

and          <---------------- using
Apace and phpshell unable to executed

im using Nginx 0.8.53 and php-fpm

I really need solution to solve my problem guys. i want to stop the
image to get executed like Apache does..
Please give me solution. thanks

Posted at Nginx Forum:,219523,219523#msg-219523

More information about the nginx mailing list