The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hacking attempts

Discussion in 'Security' started by hostnex, Oct 18, 2011.

  1. hostnex

    hostnex Well-Known Member

    Joined:
    May 2, 2008
    Messages:
    77
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Islamabad, Pakistan, Pakistan
    cPanel Access Level:
    Root Administrator
    We have hacking attempts on some of our websites where hacker placed Perl scripts. We have tried all ways to disable perl on those accounts through WHM but still perl scripts were running. Now we have disabled cgi options directlythrough apache httpd.conf file by commenting out the line below for each account.

    #ScriptAlias /cgi-bin/ /home/-----/public_html/cgi-bin/

    Question is why cpanel is unable to disable cgi access for accounts even we have disabled it for specific websites from WHM. Also how we can preserve httpd.conf so cpanel updates could not change the settings.
     
  2. SB-Nick

    SB-Nick Well-Known Member

    Joined:
    Aug 26, 2008
    Messages:
    134
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hm, never played with this but did you try to uncheck the ExecCGI option in Main >> Service Configuration >> Apache Configuration >> Global Configuration?

    As for the cPanel updates and httpd.conf you have to run: /usr/local/cpanel/bin/apache_conf_distiller --update every time you do a manual modification.

    The best way to solve this would be to try to find why an intruder was able to inject that perl file into an account instead of disabling access, if they were able to inject a perl file they might be able to do the same with a php or any other file and gain access to your server.
     
Loading...

Share This Page