Can we disable PERL for all users?

kdman
Forum Newbie
Posts: 17
Joined: Sat Feb 09, 2008 5:52 pm

Can we disable PERL for all users?

Post by kdman »

I got a Perl/CGI hack script (like a PHP shell).
Since CGI is not highly needed, the best way to fix all CGI security is to disable CGI for users on the shared hosting server.

I had disabled it from WHM and httpd.conf, but there is still a way for the hacker to reactivate it from the .htaccess files.

So any suggestions, please?
I'm using Apache 2.0 on CentOS 4.6.

Thanks.
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Can we disable PERL for all users?

Post by Christopher »

You could remove "AllowOverride Options" from httpd.conf, but people may want to override other options in .htaccess.
(#10850)

Re: Can we disable PERL for all users?

Post by kdman »

arborint wrote: You could remove "AllowOverride Options" from httpd.conf, but people may want to override other options in .htaccess.

Exactly.
That was the problem.
If we make: AllowOverride = None
Then all directories protected with a password will be free to browse.
End If

Any more suggestions please?

Re: Can we disable PERL for all users?

Post by kdman »

I found the solution.
It's to remove this line from httpd.conf:
AddHandler cgi-script .cgi .pl

I hope it helps anybody who finds this topic ;)
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Can we disable PERL for all users?

Post by Weirdan »

Couldn't you just uninstall the Perl interpreter (or modify its executable permissions to not allow the web server user to run it)?

Re: Can we disable PERL for all users?

Post by kdman »

Unfortunately, I can't uninstall Perl because it's needed by WHM/cPanel to work.
Also, I tried in the first place to change the permissions of perl, but the users of cPanel couldn't access it any more.

So I think it's the best solution for now :wink:
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Re: Can we disable PERL for all users?

Post by timvw »

Or you could make sure that the cpanel/whatever is run by another user account which does have rights to use perl...

Re: Can we disable PERL for all users?

Post by kdman »

timvw wrote: Or you could make sure that the cpanel/whatever is ran by another useraccount which does have rights to use perl...

The problem was logging in to cPanel.
When somebody tries to log in, he is not logged in, so his permission must be nobody.
So he can't log in at all.
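
An added illustration, not code from any poster in this thread: a Python audit that scans .htaccess text for directives that switch CGI execution back on and reports which AllowOverride class each one depends on. Password-protection directives belong to a separate class, AuthConfig, so they are not flagged. The function names and the sample file are constructed for this example.

```python
CGI_HANDLER = "cgi-script"

def find_cgi_overrides(htaccess_text):
    """Return (line_no, allowoverride_class, line) for every directive that
    enables CGI when that AllowOverride class is permitted for the directory."""
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        tokens = [t.strip('"').lower() for t in line.split()]
        directive, args = tokens[0], tokens[1:]
        if directive == "options":
            # "-ExecCGI" removes the option; bare or "+" forms add it.
            # "All" also turns ExecCGI on.
            added = [a.lstrip("+") for a in args if not a.startswith("-")]
            if "execcgi" in added or "all" in added:
                findings.append((line_no, "Options", line))
        elif directive in ("addhandler", "sethandler"):
            # Mapping files to the cgi-script handler needs FileInfo.
            if args and args[0] == CGI_HANDLER:
                findings.append((line_no, "FileInfo", line))
    return findings

def overrides_to_drop(findings):
    """AllowOverride classes that would have to be withheld to block the findings."""
    return sorted({cls for _, cls, _ in findings})

# Constructed sample: a password-protected directory with CGI lines appended.
SAMPLE = """\
AuthType Basic
AuthName "Members"
AuthUserFile /home/exampleuser/.htpasswd
Require valid-user
# constructed: directives that re-enable CGI
Options +ExecCGI
AddHandler cgi-script .pl .cgi
Options -ExecCGI
"""

if __name__ == "__main__":
    hits = find_cgi_overrides(SAMPLE)
    for line_no, cls, line in hits:
        print(f"line {line_no}: needs AllowOverride {cls}: {line}")
    print("classes to withhold:", ", ".join(overrides_to_drop(hits)))
```

On the sample, the four authentication lines pass untouched while the `Options` and `AddHandler` lines are reported under `Options` and `FileInfo` respectively.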