hacking attempts

[hostnex]

We have hacking attempts on some of our websites where hacker placed Perl scripts. We have tried all ways to disable perl on those accounts through WHM but still perl scripts were running. Now we have disabled cgi options directlythrough apache httpd.conf file by commenting out the line below for each account.

#ScriptAlias /cgi-bin/ /home/-----/public_html/cgi-bin/

Question is why cpanel is unable to disable cgi access for accounts even we have disabled it for specific websites from WHM. Also how we can preserve httpd.conf so cpanel updates could not change the settings.

 

[SB-Nick]

Hm, never played with this but did you try to uncheck the ExecCGI option in Main >> Service Configuration >> Apache Configuration >> Global Configuration?

As for the cPanel updates and httpd.conf you have to run: /usr/local/cpanel/bin/apache_conf_distiller --update every time you do a manual modification.

The best way to solve this would be to try to find why an intruder was able to inject that perl file into an account instead of disabling access, if they were able to inject a perl file they might be able to do the same with a php or any other file and gain access to your server.