The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disabling cURL - Pros and Cons

Discussion in 'Security' started by intrinsic, Jan 17, 2014.

  1. intrinsic

    intrinsic Member

    Joined:
    Dec 29, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello cPanel team, we have noticed a surge of brute force attacks using cURL and thus bypassing traditional lockouts on some of our CMS installations.

    I know we can disable cURL through php.ini and the Apache compiler, however I would like to know whether or not it is recommended to leave cURL active (as we would like to prevent any loss of service).

    Would disabling cURL be an unwise decision?
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    A lot of stuff needs cURL.

    Are you saying the remote user agent is cURL? If so, removing it from your local system won't make a difference.

    Logs would help.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate a little more on the nature of the attack? For instance, how exactly was cURL used to bypass existing security policies?

    Thank you.
     
Loading...

Share This Page