NEW script to protect against Perl and CGI attacks

abdelhost77

Well-Known Member
Apr 25, 2012
116
2
68
Morocco
cPanel Access Level
Root Administrator
First , Sorry fr my poor english :)


I suggest below a script that will bring some protection against Perl and CGI attacks , please dont hesitate to provide opinions , comments ..


Prerequisities : SUPHP + SUEXEC


PHP risk can be minimised by SUHOSIN Disabled functions , but a tricky Hacker can override this by running Perl , python or CGI script .

This script can be added to crontab each 10 min , and will suspend any cpanel account that run any CGI , Python , bash or perl script within his account ( with his account owner) ,you will be also alerted by mail , so you can check what script has been launched before may be ususpending the account .

The script dont consume any CPU or RAM .





DATE=`date +"%Y-%m-%d"`
p=0

grep $DATE /etc/httpd/logs/suexec_log > dailySuexec
grep -v -E "suspendedpage.cgi|redirect.cgi|wredirect.cgi|defaultwebpage.cgi|templatepreview.cgi" dailySuexec > resHack
texteH=`cat resHack`




username=`awk -F "gid:" '{ print $2 }' resHack | awk -F "/" '{ print $2 }' | awk -F ")" '{ print $1 }'`
us=`echo $username | cut -d" " -f1`



p=`cat resHack|wc -l`


if [ $p -ne "0" ]
then
echo $texteH| mail -s "Alerte CGI" [email protected]
/scripts/suspendacct $us
fi
 
Last edited: