Is it possible to disable/prevent user from chaneg CURLOPT_REFERER in curl?

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

While you could disable cURL itself through a custom php.ini file if you are using suPHP, I am not sure it's possible to disable CURLOPT_REFERER on a per-account basis. Could you elaborate on the specific security concern you have with it?

Thank you.
 

peratik

Member
Aug 31, 2013
16
0
1
cPanel Access Level
Root Administrator
Hello

There is a "Report-Type: login-attack Service: bruteforcelogin" attack from a script on our server to another server:

[15/Jan/2014:11:52:25 +0100] "POST wp-login.php HTTP/1.1" 200 3783 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0"
I can't find the script because it changes the CURLOPT_REFERER