How to disable Perl for all users?

[konrath]

Hello

I want disable perl for all users. How to ?

Hackers are using perl files to change the index page of all
sites on the server.

If I put 750 permission to /user/bin/perl the WHM, CPANEL and WEBMAI stop
working.

I want no more keep PERL to my users. Perl is very insecure !!!!

Thank you
Konrath

 

[thewebhosting]

Kindly visit below mentioned URL which mights helps you to solve your issue:

DevNetwork Forums • View topic - Can we disable PERL for all users?

 

[konrath]

Thank you

Konrath

 

[konrath]

Hello

The AddHandler cgi-script .cgi .pl was removed from httpd but scripts in perl still working.

Another sugestion?

Thank you
Konrath

 

[agressor]

if you remove from httpd.conf that line, hackers can add in .htaccess lines for execute cgi files with diferent extention like

AddHandler cgi-script .txt

and must be carfefull with allowoverirde because this can stop of work sites what use htaccess.


i create a thread there: http://forums.cpanel.net/f5/how-can-disable-cgi-bin-131657.html

but as u can see... the reply from tech.. is not satistactory. and the security problem still


Edit by cPanel staff:

the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl

This will break cPanel. The permissions of the Perl binary file need to be left as 755 in order for cPanel to work. Changing the permissions of the Perl binary is not a valid way to secure your cPanel server.


cherss

Francisco.-

 

[JaredR.]

This will break cPanel

the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl

This will break cPanel. Most cPanel functions run as the account user, and if the Perl binary file is not executable by anybody, errors will occur in cPanel. The permissions on the Perl binary file need to be left as 755 on a cPanel server.

 

[Stefan]

Hello,

Do you have any update about this issue.
I have tried also to disable cgi from whm for an user , but it is still working.
On httpd.conf for that site i have :
"
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
"
but not result.

I need also an solution that cant be overwritten by an user from htaccess.

Thank you

Stefan

 

[cPDan]

I'd start by revisiting the premise that “Perl is very insecure !!!!”:
1. You can do the same thing w/ a shell, php, ruby, python, etc etc.
2. They are probably leveraging a PHP exploit to, ultimately, execute arbitrary commands (that happen to be executing the perl binary in the case that prompted the question)

The real solution here is to harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts.

Similar to my note here: http://forums.cpanel.net/f185/how-prevent-running-binary-files-178881.html#post1228062