
How to Block WebShell?

Discussion in 'General Discussion' started by WiroWaas, Nov 9, 2006.

Thread Status:
Not open for further replies.
  1. WiroWaas

    WiroWaas Member

    Anyone know how to completely block webshell (cgi/perl)?
     
  2. chirpy

    chirpy Well-Known Member

    The short answer is that you can't. The only realistic way is a good AUP and if you find one, terminate the client. The longer answer is that you might be able to catch a few with crafted mod_security rules, but since writing such a script is trivial and there are so many ways to do it, especially in perl, it would be very difficult to prevent.
     
  3. chirpy

    chirpy Well-Known Member

    You can't unless you remove their ability to run any perl CGI scripts. That's why I said that it isn't possible.

    If you've installed mod_security through WHM, try uninstalling it and then reinstall it to quickly fix the error.
     
  4. WiroWaas

    WiroWaas Member

    A hacker can still use cgi/perl as a webshell from inside. How can I disable cgi/perl shell functions like I disable the functions show_source, system, shell_exec, passthru, exec in PHP?

    I've installed mod_security but it makes httpd fail to start.

    The error message when I run /usr/local/apache/bin/apachectl configtest

    Strange!! There was no # on the line LoadModule security_module libexec/mod_security.so
     
    #4 WiroWaas, Nov 9, 2006
    Last edited: Nov 9, 2006
  5. WiroWaas

    WiroWaas Member

    OK, I'll try it.
     
  6. WiroWaas

    WiroWaas Member

    Trying to reinstall it

    Trying to see the error message

    Check it, recheck it again.

    Got it, I found the line
    put after the line
    lol, dunno how. The scripts write it that way, not me!!!

    Then I moved the line
    before the line
    Restarted the httpd
    GOT IT, but the GAME is not OVER yet :(

    What should I do now with mod_security ?
     
  7. WiroWaas

    WiroWaas Member

  8. david510

    david510 Well-Known Member

    Add the following in your global php.ini file and restart apache.

    disable_functions = "exec,system,shell_exec,passthru,proc_open,proc_close,escapeshellcmd,popen,pcntl_exec,leak,chgrp,ini_alter"
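
A check for the php.ini setting in the post above, as an added example that is not part of the thread: it reads php.ini text and reports which process-execution functions are still enabled, run here against the two function lists quoted in this thread. The `EXEC_FUNCTIONS` baseline and every name defined in the script are assumptions of the example, and the check covers PHP only, not Perl CGI scripts.

```python
import re

# Baseline of PHP functions that start a process or shell. The baseline is
# this example's assumption; extend it to match local policy.
EXEC_FUNCTIONS = {"exec", "system", "shell_exec", "passthru",
                  "proc_open", "popen", "pcntl_exec"}

DIRECTIVE = re.compile(r"^disable_functions\s*=\s*(.*)$")

def parse_disable_functions(ini_text):
    """Return the set of names on the last active disable_functions line."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith(";"):        # whole-line comment: directive is inactive
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        value = m.group(1).strip()
        if value[:1] in ('"', "'"):     # quoted value: keep text up to the closing quote
            quote = value[0]
            value = value[1:].split(quote, 1)[0]
        else:                           # unquoted value: drop a trailing ; comment
            value = value.split(";", 1)[0]
        # The example keeps only the last assignment it sees; names are
        # compared exactly as written.
        disabled = {name for name in re.split(r"[,\s]+", value) if name}
    return disabled

def missing_exec_functions(ini_text):
    """Sorted baseline functions that the php.ini text leaves enabled."""
    return sorted(EXEC_FUNCTIONS - parse_disable_functions(ini_text))

# Constructed inputs built from the two function lists quoted in the thread.
THREAD_PHP_INI = ('disable_functions = "exec,system,shell_exec,passthru,'
                  'proc_open,proc_close,escapeshellcmd,popen,pcntl_exec,'
                  'leak,chgrp,ini_alter"\n')
SHORT_LIST_INI = "disable_functions = show_source, system, shell_exec, passthru, exec\n"
COMMENTED_INI = ";" + THREAD_PHP_INI    # directive present but commented out

if __name__ == "__main__":
    for label, text in [("php.ini line from the thread", THREAD_PHP_INI),
                        ("shorter list from the thread", SHORT_LIST_INI),
                        ("commented-out directive", COMMENTED_INI)]:
        gaps = missing_exec_functions(text)
        print(f"{label}: {', '.join(gaps) if gaps else 'baseline fully disabled'}")
```
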
     
  9. kashif

    kashif Active Member

    Hi WiroWaas,
    Can you send me the modsec.user.conf as the URL[http://www.hostmerit.com/modsec.user.conf] is not working. Waiting for your prompt response...

    Thank you,

    Regards,
     
  10. brianoz

    brianoz Well-Known Member

    That post was 2 years old!!

    If you want a "prompt response" you'd be better off using Google to good effect, for instance, with search terms like "mod_security rules" or "mod_security cpanel rules". I believe gotroot.com has some rules which are oft used, also the very knowledgeable eth00 has some but I forget his domain...
     