Community Forums
Connect with us on LinkedIn
apache parsing non php or cgi or pl scripts
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 06-08-2006 08:26 AM #1
    dchepishev
    dchepishev is offline
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Oct 2005
    Posts
    52

    Default apache parsing non php or cgi or pl scripts

    Hi all,
    Yesterday one of my users was hacked very easy. He has picture gallery on his site. The gallery is open for anyone to register. The evil guy registered and uploaded a php shell with name:

    ly.php.rar

    And the stupid apache is parsing this as php file. It parses ahything like: something.php.aaa.bbb.ccc.ddd as php file. It is absolutely the same with .pl and .cgi scripts.

    Does anyone of you guys knows how to disable this. I figured one way with mod_security and the following regex: SecFilterSelective THE_REQUEST ".*\.php\..*" . However I am interested if there is any other way to disable this.
    My config is:
    apache 1.3
    php 4.4.2 as CGI
    Reply With Quote Reply With Quote
  2. 06-08-2006 10:29 AM #2
    AndyReed
    AndyReed is offline
    cPanel Partner NOC cPanel Partner NOC Badge AndyReed's Avatar
    Join Date
    May 2004
    Location
    Minneapolis, MN
    Posts
    2,223

    Default

    Quote Originally Posted by dchepishev
    Yesterday one of my users was hacked very easy. He has picture gallery on his site. The gallery is open for anyone to register. The evil guy registered and uploaded a php shell with name:

    ly.php.rar
    You'll have to upgrade your client's Php script to the latest release and/or implement a security patch released by the author. You also need to clean up your server from the files downloaded and installed on your server. In addition to Mod Security, there are other things you can do to harden and secure your server.
    Andy Reed
    RHCE and CCNA
    ServerTune.com
    Reply With Quote Reply With Quote
  3. 06-08-2006 11:59 AM #3
    dchepishev
    dchepishev is offline
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    Oct 2005
    Posts
    52

    Default

    Quote Originally Posted by AndyReed
    You'll have to upgrade your client's Php script to the latest release and/or implement a security patch released by the author. You also need to clean up your server from the files downloaded and installed on your server. In addition to Mod Security, there are other things you can do to harden and secure your server.
    I am not sure you understand me correct. I am asking how this behavior can be disabled, not what to do now. This is not a bug in the php scripts. Actually any application which uploads files in the web tree will cause such problems. This is not a problem of the app. Apache is not supposed to handle files not ending with .php as php files.

    I know what to do, I want to know how can I stop this if possible .

    In apache 2.0.30 and up I think this should do the job: AcceptPathInfo Off
    But there is no such parameter for apache 1.3
    Reply With Quote Reply With Quote
«   PHPsuexec and Rewrite Rules | Very weird problem with my email... »     
Similar Threads & Tags
Similar threads

  1. make: *** [sapi/cgi/php-cgi] Error 1 on apache update
    By quicklyweb in forum cPanel and WHM Discussions
    Replies: 4
    Last Post: 09-27-2007, 08:32 AM
  2. I changed the IP of Exim, but what about cgi/php scripts?
    By noimad1 in forum cPanel and WHM Discussions
    Replies: 7
    Last Post: 11-23-2006, 09:32 AM
  3. CGI scripts not sending email, php scripts will
    By BianchiDude in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 11-17-2006, 04:20 AM
  4. cgi/php scripts slow
    By Daemon1 in forum cPanel and WHM Discussions
    Replies: 5
    Last Post: 05-19-2006, 04:04 AM
  5. Nobody-Mail-Problem with PHP & CGI-Scripts
    By JapAniManga.ch in forum cPanel and WHM Discussions
    Replies: 4
    Last Post: 08-08-2002, 02:01 AM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube