How to disable Perl for all users?

konrath

konrath

Well-Known Member
May 3, 2005
366
0
166
Brasil
Hello

I want disable perl for all users. How to ? :confused:

Hackers are using perl files to change the index page of all
sites on the server.

If I put 750 permission to /user/bin/perl the WHM, CPANEL and WEBMAI stop
working.

I want no more keep PERL to my users. Perl is very insecure !!!!

Thank you
Konrath
 
konrath

konrath

Well-Known Member
May 3, 2005
366
0
166
Brasil
Hello

The AddHandler cgi-script .cgi .pl was removed from httpd but scripts in perl still working.

Another sugestion?

Thank you
Konrath
 
A

agressor

Active Member
May 15, 2005
34
0
156
if you remove from httpd.conf that line, hackers can add in .htaccess lines for execute cgi files with diferent extention like

AddHandler cgi-script .txt

and must be carfefull with allowoverirde because this can stop of work sites what use htaccess.


i create a thread there: http://forums.cpanel.net/f5/how-can-disable-cgi-bin-131657.html

but as u can see... the reply from tech.. is not satistactory. and the security problem still


Edit by cPanel staff:

the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
Click to expand...
This will break cPanel. The permissions of the Perl binary file need to be left as 755 in order for cPanel to work. Changing the permissions of the Perl binary is not a valid way to secure your cPanel server.


cherss

Francisco.-
 
Last edited by a moderator:
J

JaredR.

Well-Known Member
Feb 25, 2010
1,834
23
143
Houston, TX
cPanel Access Level
Root Administrator
This will break cPanel

agressor said:
the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
Click to expand...
This will break cPanel. Most cPanel functions run as the account user, and if the Perl binary file is not executable by anybody, errors will occur in cPanel. The permissions on the Perl binary file need to be left as 755 on a cPanel server.
 
S

Stefan

Member
Jul 24, 2003
6
0
151
cPanel Access Level
DataCenter Provider
Hello,

Do you have any update about this issue.
I have tried also to disable cgi from whm for an user , but it is still working.
On httpd.conf for that site i have :
"
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
"
but not result.

I need also an solution that cant be overwritten by an user from htaccess.

Thank you

Stefan
 
cPDan

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
I'd start by revisiting the premise that “Perl is very insecure !!!!”:
1. You can do the same thing w/ a shell, php, ruby, python, etc etc.
2. They are probably leveraging a PHP exploit to, ultimately, execute arbitrary commands (that happen to be executing the perl binary in the case that prompted the question)

The real solution here is to harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts.

Similar to my note here: http://forums.cpanel.net/f185/how-prevent-running-binary-files-178881.html#post1228062
 
  • Like
Reactions: postcd
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
G SOLVED The optional module, imagick, is not installed, or has been disabled Installation & Updates 6
N Disable PERL Installation & Updates 3
0 how to disable perl ? Installation & Updates 6
D CPanel users install perl module while compilers are disabled? Installation & Updates 2
P Should this be disabled perl threading enabled? Installation & Updates 0
Similar threads
SOLVED The optional module, imagick, is not installed, or has been disabled
Disable PERL
how to disable perl ?
CPanel users install perl module while compilers are disabled?
Should this be disabled perl threading enabled?
Top Bottom