I got a perl/cgi hack script like (shell php).
And since CGI is not highly needed so the best way to fix all cgi security is to disable cgi for users on the shared hosting server.
I had disable it from WHM and httpd.conf, but still there is a way to reactive it by the hacker from the .htaccess files.
So any suggestions please?
I'm using Apache 2.0 on Cent OS 4.6
Thanks.
Can we disable PERL for all users?
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Can we disable PERL for all users?
You could remove "AllowOverride Options" from httpd.conf, but people may want to override other options in .htaccess.
(#10850)
Re: Can we disable PERL for all users?
Exactly.arborint wrote:You could remove "AllowOverride Options" from httpd.conf, but people may want to override other options in .htaccess.
That was the problem.
If we make:AllowOverride = None.
Then All directory protected with password will be free to browse.
End If
Any more suggestions please?
Re: Can we disable PERL for all users?
I found the solution.
It's to remove this line from httpd.conf:
AddHandler cgi-script .cgi .pl
I hope it help any body found this topic
It's to remove this line from httpd.conf:
AddHandler cgi-script .cgi .pl
I hope it help any body found this topic
Re: Can we disable PERL for all users?
Couldn't you just uninstall perl interpreter (or modify its executable permissions to not allow web server user to run it)?
Re: Can we disable PERL for all users?
Unfortunately, I can't uninstall the perl because it's needed by WHM/cPanel to work.
Also i tried in the first place to change the permission of perl, but the users of cPanel couldn't access it any more.
So i think it's the best solution for now
Also i tried in the first place to change the permission of perl, but the users of cPanel couldn't access it any more.
So i think it's the best solution for now
Re: Can we disable PERL for all users?
Or you could make sure that the cpanel/whatever is ran by another useraccount which does have rights to use perl...
Re: Can we disable PERL for all users?
The problem was to login to cPanel.timvw wrote:Or you could make sure that the cpanel/whatever is ran by another useraccount which does have rights to use perl...
when somebody try to login then he is not login then his permission must be noBody.
So he can't login at all.