The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Howto disable execute CGI script with other extention

Discussion in 'Security' started by activa, Jan 15, 2010.

  1. activa

    activa Well-Known Member

    Joined:
    May 23, 2006
    Messages:
    204
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Morocco
    cPanel Access Level:
    Root Administrator
    Hello ;

    i want to know if there are any methode to disable running cgi script with other extention and outside the cgi-bin directory ???

    today i have found someone has made the fallowing

    Create .htaccess with the fallowing content :

    Code:
    Options +FollowSymLinks
    DirectoryIndex seees.html
    Options +Indexes
    Options +ExecCGI
    AddType text/plain .php
    AddHandler server-parsed .php
    Addhandler cgi-script .gif
    
    
    <IfModule mod_security.c>
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>

    and has rename script.cgi to script.gif & chmod the script.gif to 755 .

    and all is done .

    this script is the famous cgi-telnet . after he can get the list users and make symlink to another files user with this command :

    Code:
    ln -s /home/USERNAME/public_html/config.php  file1.txt

    and when yo put the file1.txt you can see the content og this file .

    anyone has this isseu ? or any suggestion solution to prevent like this attack .
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I would look at customizing the AllowOverride directive in the Apache configuration; this can be used to restrict what users may set via the Options directive. For verbose detail and clarification please refer to the official Apache/httpd documentation as linked below:
    http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
     
  3. hostvn

    hostvn Member
    PartnerNOC

    Joined:
    Oct 1, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ha Noi, Viet Nam
    Add this Directory to httpd.conf
    That may help you. But hackers have many ways to local attack :) . I received report from my tester team, when symlink:
    and then using browser to view, webserver show forbiden, but when try to symlink:
    and then using link http://domain.com/ , it will show all config :)
     
Loading...

Share This Page