Results 1 to 8 of 8

Thread: How to disable Perl for all users?

  1. #1
    Registered Member konrath's Avatar
    Join Date
    May 2005
    Location
    Brasil
    Posts
    371

    Arrow How to disable Perl for all users?

    Hello

    I want disable perl for all users. How to ?

    Hackers are using perl files to change the index page of all
    sites on the server.

    If I put 750 permission to /user/bin/perl the WHM, CPANEL and WEBMAI stop
    working.

    I want no more keep PERL to my users. Perl is very insecure !!!!

    Thank you
    Konrath

  2. #2
    Registered Member
    Join Date
    May 2008
    Posts
    1,202

    Default

    Kindly visit below mentioned URL which mights helps you to solve your issue:

    DevNetwork Forums • View topic - Can we disable PERL for all users?
    AccuWebHosting.Com | cPanel Hosting Provider Since 2003
    Cloud Powered Hosting | cPanel VPS
    Trusted by 20,000+ Clients Worldwide

  3. #3
    Registered Member konrath's Avatar
    Join Date
    May 2005
    Location
    Brasil
    Posts
    371

    Default

    Thank you

    Konrath

  4. #4
    Registered Member konrath's Avatar
    Join Date
    May 2005
    Location
    Brasil
    Posts
    371

    Default

    Hello

    The AddHandler cgi-script .cgi .pl was removed from httpd but scripts in perl still working.

    Another sugestion?

    Thank you
    Konrath

  5. #5
    Registered Member
    Join Date
    May 2005
    Posts
    34

    Default

    if you remove from httpd.conf that line, hackers can add in .htaccess lines for execute cgi files with diferent extention like

    AddHandler cgi-script .txt

    and must be carfefull with allowoverirde because this can stop of work sites what use htaccess.


    i create a thread there: http://forums.cpanel.net/f5/how-can-...in-131657.html

    but as u can see... the reply from tech.. is not satistactory. and the security problem still


    Edit by cPanel staff:

    the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
    This will break cPanel. The permissions of the Perl binary file need to be left as 755 in order for cPanel to work. Changing the permissions of the Perl binary is not a valid way to secure your cPanel server.



    cherss

    Francisco.-
    Last edited by cPanelJared; 06-18-2010 at 11:16 AM. Reason: Correcting misinformation

  6. #6
    cPanel Staff cPanelJared's Avatar
    Join Date
    Feb 2010
    Location
    Houston, TX
    Posts
    1,771
    cPanel/WHM Access Level

    Root Administrator

    Default This will break cPanel

    Quote Originally Posted by agressor View Post
    the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
    This will break cPanel. Most cPanel functions run as the account user, and if the Perl binary file is not executable by anybody, errors will occur in cPanel. The permissions on the Perl binary file need to be left as 755 on a cPanel server.
    For hands-on assistance, please reference our new support information page: Where should I go for support?
    cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation - Find cPanel hosting


    -- Jared Ryan, Technical Analyst, cPanel Technical Support

  7. #7
    Registered Member
    Join Date
    Jul 2003
    Posts
    6
    cPanel/WHM Access Level

    DataCenter Provider

    Default

    Hello,

    Do you have any update about this issue.
    I have tried also to disable cgi from whm for an user , but it is still working.
    On httpd.conf for that site i have :
    "
    Options -ExecCGI -Includes
    RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
    "
    but not result.

    I need also an solution that cant be overwritten by an user from htaccess.

    Thank you

    Stefan

  8. #8
    cPanel Staff
    Join Date
    Mar 2004
    Posts
    710

    Default Re: How to disable Perl for all users?

    I'd start by revisiting the premise that “Perl is very insecure !!!!”:
    1. You can do the same thing w/ a shell, php, ruby, python, etc etc.
    2. They are probably leveraging a PHP exploit to, ultimately, execute arbitrary commands (that happen to be executing the perl binary in the case that prompted the question)

    The real solution here is to harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts.

    Similar to my note here: http://forums.cpanel.net/f185/how-pr...ml#post1228062

Similar Threads

  1. Disable PERL
    By nyanhost in forum New User Questions
    Replies: 3
    Last Post: 01-20-2014, 01:17 PM
  2. Replies: 1
    Last Post: 12-02-2013, 12:45 PM
  3. How to disable Perl Web Shell
    By konrath in forum Security
    Replies: 5
    Last Post: 02-27-2011, 11:31 PM
  4. disable perl for nobody
    By atokatli in forum Security
    Replies: 7
    Last Post: 10-29-2010, 06:17 PM
  5. how to disable perl ?
    By 0101 in forum cPanel & WHM Discussions
    Replies: 6
    Last Post: 04-17-2010, 10:36 AM
bargain