Disabling cURL - Pros and Cons

intrinsic

Member
Dec 29, 2013
7
0
1
cPanel Access Level
Root Administrator
Hello cPanel team, we have noticed a surge of brute force attacks using cURL and thus bypassing traditional lockouts on some of our CMS installations.

I know we can disable cURL through php.ini and the Apache compiler, however I would like to know whether or not it is recommended to leave cURL active (as we would like to prevent any loss of service).

Would disabling cURL be an unwise decision?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
A lot of stuff needs cURL.

Are you saying the remote user agent is cURL? If so, removing it from your local system won't make a difference.

Logs would help.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello cPanel team, we have noticed a surge of brute force attacks using cURL and thus bypassing traditional lockouts on some of our CMS installations.
Could you elaborate a little more on the nature of the attack? For instance, how exactly was cURL used to bypass existing security policies?

Thank you.