The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Matt Wright's Scripts / NMS Project

Discussion in 'General Discussion' started by Ashocka, Aug 22, 2004.

  1. Ashocka

    Ashocka Member

    Joined:
    Aug 22, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    I have recently moved a site to CPanel. I have noticed a spider trying to find gateways into my site to break in, since it detected that I am running CPanel (port 2082). It checks for

    Code:
    /cgi-bin/formmail.pl
    /cgi-bin/contact.cgi
    /cgi-bin/mailform.pl
    /cgi-bin/formmail.cgi
    /mail.cgi
    /cgi3/
    /cgi-bin/FormMail.pl
    /cgi/formmail
    /cgi-bin/fmail.pl
    /cgi-bin/form.cgi
    /cgi-bin/contact.pl
    /formmail.pl
    /cgi-bin/feedback.cgi
    /cgi-bin/cgiemail/contact.txt
    /cgi-bin/mail.cgi
    /form-bin/deliver
    /cgi-bin/mail.pl
    /contact.cgi
    /cgi-bin/form.pl
    /cgi-bin/formmail/formmail.pl
    /cgi-bin/email.cgi
    /scripts/root.exe
    /cgi-bin/email.pl
    /scripts/..%c0%2f../winnt/system32/cmd.exe
    /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe
    /cgi-bin/chfeedback.pl
    /scripts/..%c1%1c../winnt/system32/cmd.exe
    /cgi-bin/npl_mailer.cgi
    /cgi-bin/FormMail.cgi
    /cgi-bin/ezformml.cgi
    /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe2
    /scripts/..%c1%9c../winnt/system32/cmd.exe
    /scripts/..%c0%af../winnt/system32/cmd.exe
    /scripts/..%252f../winnt/system32/cmd.exe
    /cgi-bin/mailer/mailer.cgi
    /MSADC/root.exe
    /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe
    /c/winnt/system32/cmd.exe
    /cgi-bin/formmail
    /cgi-bin/contact
    /scripts/..%255c../winnt/system32/cmd.exe
    /scripts/..%25%35%63../winnt/system32/cmd.exe
    /d/winnt/system32/cmd.exe
    /_vti_bin/owssvr.dll
    /MSOffice/cltreq.asp
    /cgi-bin/feedback.pl
    /cgi/FormMail.pl
    /cgibin/FormMail.cgi
    /formmail.cgi
    /cgi-bin/mailer.cgi
    /cgi-bin/sender.pl
    /cgi-bin/cgiemail/inquiry.txt
    /cgi/contact.cgi
    /cgi-bin/mailto
    /cgi-bin/tellafriend.pl
    /cgi-bin/asomail.cgi
    /cgi-bin/sendmail.cgi
    /cgi-bin/contactus.cgi
    /cgi-bin/mailer.pl
    /cgi-local/submit.cgi
    /cgi-bin/cgiemail/forms/order.txt
    /cgi-bin/openwebmail/openwebmail.pl
    /cgi-bin/nether-mail.pl
    /cgi-bin/mailto.cgi
    /cgi-bin/mailform.cgi
    /cgi-bin/referral.cgi
    /cgi-bin/webmailer.exe
    /formmail/formmail.cgi
    /default.ida
    /cgi-bin/friends.cgi
    /cgi-local/mailer.cgi
    /cgi-bin/af.cgi
    /cgi-bin/BFormMail.pl
    /%00
    /cgi-bin/tell/tell.cgi
    /cgi-bin/form_processor.pl
    /cgi-bin/contactus.pl
    /cgi/formmail.cgi
    /dp_tellafriend/scripts/tellafriend.cgi
    /cgi-bin/send.pl
    /cgi/tell/tell.cgi
    /emailform.pl
    /cgi-bin/yform.cgi
    /cgi-bin/comments.cgi
    /cgi-bin/formtomail.pl
    /cgi-bin/cgiemail/mailtemp.txt
    /cgibin/contact.cgi
    /sumthin
    /cgi-bin/send.cgi
    /email.cgi
    /cgi-bin/mailto.pl
    /cgi-bin/tellafriend.cgi
    /cgi-bin/af.pl
    /cgi-bin/cgiemail
    /cgi-bin/userform.cgi
    /cgi/formmail
    /cgi-bin/kontakt.pl
    /cgi-bin/anymail.cgi 
    
    Many of these are well know security holes. What is CPanel doing to address this? Why are they using Matt Wright's scripts, when it is widely known that they represent poor security and there are better alternatives such as nms-cgi.sourceforge.net ?

    Geoff
     
  2. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    To address what? Spiders searching your site? What are you doing to address it?


    Did you bother looking at the scripts before posting?
     
  3. cPanelBilly

    cPanelBilly Guest

    cPanel actually doe not use any of these scripts. It does have a formmail in the cgi-sys but it was written and encoded by cpanel so that the source cannot be given out. They are just looking for vulnerable scripts, which unless you uploaded any, there would not be one.
     
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Glad to see cpanel staff taking a more actve role in this forum.
     
  5. Ashocka

    Ashocka Member

    Joined:
    Aug 22, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    No, I didn't bother looking at the scripts before posting. Why should I install a script just too look at it? Especially when I find CPanel often does not always do a thorough job of uninstalls, leaving directories and files behind.

    What I did do though is look at the documentation. CPanel docs on Formmail clearly state that Matt Wrights scripts are used referencing them in the URL www.cpanel.net/docs/cp/formmailClone.htm, which leads to www.scriptarchive.com/readme/formmail.html which leads to www.scriptarchive.com/formmail.html which leads to FormMail.pl code .

    Don't you think that any reference to Matt Wright's scripts sets off alarm bells to anyone half aware of script vunerabilities? If you have to mention them because so many people know of them and use them blindly, why not state in you docs that you have implemented a better version of them for your customers protection, satisfaction and ease of mind? Then your documentation acts as your marketing of a great product.

    CPanel docs are very much out of date, behind version, and greatly under developed. This is where most people are going to look for the answers (I would expect).

    If the documentation was thorough and up to date, and showed that you were addressing these security concerns of users, how many less postings like this would you have to address, how many more users would be happy with the documentation and say; "Hey, CPanel are really addressing these issues, great". Surely you can't say the docs are up to date and satisfactory, or can you?

    No, I don't think CPanel has to do anything about such spiders, but I want to know that CPanel is doing it's best to implement the best possible solution that is out there or inhouse. I should be able to find that out for myself by reading the documentation, not having to post here, or anywhere else. What do you think?

    Geoff
     
  6. cPanelBilly

    cPanelBilly Guest

    Yes,
    We all know that the documentation is a little out of date. Ys, it is being worked on. I did explain to you however how it does work, it was originally Matt's Formmail, however after the last vulnerability it was replaced with a cpanel built encoded script. It uses all of the same calls as Matt's script as that was originally put there, hence why it was linked back there originally.
     
  7. Ashocka

    Ashocka Member

    Joined:
    Aug 22, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Well can't you see how this lack of information or misinformation causes all sorts of problems, misunderstanding and missed marketing opportunities? Don't you see how misleading your documentation is when it is incorrect and misrepresentitive? What type of QA are you running on your docs? This could be easily fixed in a few hours, but has it been addressed? When will it be addressed? When can we see much better quality documentation?

    If I am a reseller how the hell am I supposed to support my users with such poor and misleading documentation? What do you expect people to do, ferret around to find out information you should be stating up front, for your own benefit and ours? Do you expect users to have to ferret around? Is that what you expect users to do? Why aren't the docs the definitive source of reference. What goes on at CPanel that this important level of product development is neglected?

    The docs are just SO out of date. When I see this type of neglect in a commercial product it makes me wonder just how many other things have been neglected, and it makes me wonder how the company runs its projects and its QA processes.

    These issues can be solved if documentation is up to date and thorough. You've got a lot of work to do in this area.

    Geoff
     
  8. cPanelBilly

    cPanelBilly Guest

  9. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    So you do not end up posting a question about why they are using a script they do not use. ;)

    No arguments there. cPanel documentation is very dated. It would be nice to see it updated to reflect changes made with each and every STABLE release.
     
  10. Ashocka

    Ashocka Member

    Joined:
    Aug 22, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    If you read the post properly you would see that I followed the documentation rather than installing the script (and I had reasons for not doing that... poor uninstall completions). The docs referred to MW scripts. That is why I posted this in the first place.

    In any reasonable commercial software I expect there is a QA process which keeps the docs current with the releases, but this does not seem to be the case with CPanel.
     
  11. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Oh ya? Why not? :p
     
  12. cPanelBilly

    cPanelBilly Guest

    to keep it from being hacked :)
     
  13. Ashocka

    Ashocka Member

    Joined:
    Aug 22, 2004
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    I think it is better to follow this type of process. If CPanel are well aware of these issues, and improve the scripts and encode them, then that just helps give us a sense of how they are trying to improve these products. Just as long as they are still easy to use, and that seems to be at the heart of CPanel approach to product development.

    If I may just raise the issue of documentation again, if CPanel are doing this type of thing with scripts, then properly documenting it only helps create a market awareness of a company trying to work on improving and delivering an ever evolving product. It adds value to the company product, and also makes the documentation a valuable knowledge base, and gives great confidence in the users, resellers, sysadmins.

    Geoff
     
  14. cPanelBilly

    cPanelBilly Guest

    I do not disagree, please open bug report and have people vote on it, the more voted on ones are the ones that get looked at quickest.
     
Loading...
Similar Threads - Matt Wright's Scripts
  1. Giovanni Alabiso
    Replies:
    12
    Views:
    414

Share This Page