Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to disable Perl for all users?

Discussion in 'General Discussion' started by konrath, Sep 21, 2009.

konrath Well-Known Member

Joined:

May 3, 2005

Messages:

367

Likes Received:

0

Trophy Points:

166

Location:

Brasil

Hello

I want disable perl for all users. How to ?

Hackers are using perl files to change the index page of all
sites on the server.

If I put 750 permission to /user/bin/perl the WHM, CPANEL and WEBMAI stop
working.

I want no more keep PERL to my users. Perl is very insecure !!!!

Thank you
Konrath

#1 konrath, Sep 21, 2009
thewebhosting Well-Known Member

Joined:

May 9, 2008

Messages:

1,201

Likes Received:

1

Trophy Points:

68

Kindly visit below mentioned URL which mights helps you to solve your issue:

DevNetwork Forums • View topic - Can we disable PERL for all users?

AccuWebHosting.Com | cPanel Hosting Provider Since 2003
₪ Cloud Powered Hosting | cPanel VPS
₪ Trusted by 20,000+ Clients Worldwide

#2 thewebhosting, Sep 21, 2009
konrath Well-Known Member

Joined:

May 3, 2005

Messages:

367

Likes Received:

0

Trophy Points:

166

Location:

Brasil

Thank you

Konrath

#3 konrath, Sep 21, 2009
konrath Well-Known Member

Joined:

May 3, 2005

Messages:

367

Likes Received:

0

Trophy Points:

166

Location:

Brasil

Hello

The AddHandler cgi-script .cgi .pl was removed from httpd but scripts in perl still working.

Another sugestion?

Thank you
Konrath

#4 konrath, Sep 22, 2009
agressor Active Member

Joined:

May 15, 2005

Messages:

34

Likes Received:

0

Trophy Points:

156

if you remove from httpd.conf that line, hackers can add in .htaccess lines for execute cgi files with diferent extention like

AddHandler cgi-script .txt

and must be carfefull with allowoverirde because this can stop of work sites what use htaccess.

i create a thread there: http://forums.cpanel.net/f5/how-can-disable-cgi-bin-131657.html

but as u can see... the reply from tech.. is not satistactory. and the security problem still

Edit by cPanel staff:

the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
Click to expand...

This will break cPanel. The permissions of the Perl binary file need to be left as 755 in order for cPanel to work. Changing the permissions of the Perl binary is not a valid way to secure your cPanel server.

cherss

Francisco.-

#5 agressor, Sep 23, 2009
Last edited by a moderator: Jun 18, 2010
cPanelJared Technical Analyst

Joined:

Feb 25, 2010

Messages:

1,835

Likes Received:

20

Trophy Points:

143

Location:

Houston, TX

cPanel Access Level:

Root Administrator

This will break cPanel

agressor said: ↑

the fix for me (for now) is: chmod -c 744 /usr/local/bin/perl
Click to expand...

This will break cPanel. Most cPanel functions run as the account user, and if the Perl binary file is not executable by anybody, errors will occur in cPanel. The permissions on the Perl binary file need to be left as 755 on a cPanel server.

For hands-on assistance, please reference our new support information page: Where should I go for support?
cPResources: Support Options - Submit a ticket here - Additional Support Options - Forums Search - Mailing Lists(Alt) - Documentation - Find cPanel hosting

-- Jared Ryan, Technical Analyst, cPanel Technical Support

#6 cPanelJared, Jun 18, 2010
Stefan Member

Joined:

Jul 24, 2003

Messages:

6

Likes Received:

0

Trophy Points:

151

cPanel Access Level:

DataCenter Provider

Hello,

Do you have any update about this issue.
I have tried also to disable cgi from whm for an user , but it is still working.
On httpd.conf for that site i have :
"
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
"
but not result.

I need also an solution that cant be overwritten by an user from htaccess.

Thank you

Stefan

#7 Stefan, Jul 30, 2010
cPDan cPanel Staff
Staff Member

Joined:

Mar 9, 2004

Messages:

715

Likes Received:

5

Trophy Points:

243

I'd start by revisiting the premise that “Perl is very insecure !!!!”:
1. You can do the same thing w/ a shell, php, ruby, python, etc etc.
2. They are probably leveraging a PHP exploit to, ultimately, execute arbitrary commands (that happen to be executing the perl binary in the case that prompted the question)

The real solution here is to harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts.

Similar to my note here: http://forums.cpanel.net/f185/how-prevent-running-binary-files-178881.html#post1228062

#8 cPDan, Sep 13, 2012

postcd likes this.

(You must log in or sign up to post here.)

Loading...

Similar Threads - disable Perl users

Disable Yum auto updating?

gildas, Apr 19, 2018 at 3:19 AM, in forum: General Discussion

Replies:

3

Views:

64

cPanelLauren

Apr 19, 2018 at 10:47 AM
Disable error_log generation?

maxmizban, Apr 18, 2018, in forum: General Discussion

Replies:

3

Views:

57

cPanelLauren

Apr 19, 2018 at 8:31 AM
disable_auto_hostname_certificate

Nirjonadda, Apr 17, 2018, in forum: General Discussion

Replies:

1

Views:

37

cPanelLauren

Apr 18, 2018
Disable notifications on reboot

rhm.geerts, Apr 9, 2018, in forum: General Discussion

Replies:

3

Views:

56

cPanelLauren

Apr 10, 2018
SOLVED How can you disable two form authentication via root command?

WebHostPro, Mar 28, 2018, in forum: Security

Replies:

7

Views:

108

WebHostPro

Apr 3, 2018

Share This Page