The Community Forums

Interact with an entire community of cPanel & WHM users!

NEW script to protect against Perl and CGI attacks

Discussion in 'Security' started by abdelhost77, May 26, 2013.

  1. abdelhost77

    First, sorry for my poor English :)


    I suggest below a script that will bring some protection against Perl and CGI attacks. Please don't hesitate to provide opinions, comments...


    Prerequisites: SUPHP + SUEXEC


    PHP risk can be minimised by SUHOSIN disabled functions, but a tricky hacker can override this by running a Perl, Python or CGI script.

    This script can be added to crontab every 10 min, and will suspend any cPanel account that runs any CGI, Python, bash or Perl script within its account (as its account owner). You will also be alerted by mail, so you can check what script has been launched before maybe unsuspending the account.

    The script doesn't consume any CPU or RAM.





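    # Today's date in the format used by suexec_log timestamps
    DATE=$(date +"%Y-%m-%d")

    # Keep today's suexec entries, then drop cPanel's own CGI scripts
    grep -F -- "$DATE" /etc/httpd/logs/suexec_log > dailySuexec
    grep -v -E "suspendedpage.cgi|redirect.cgi|wredirect.cgi|defaultwebpage.cgi|templatepreview.cgi" dailySuexec > resHack
    texteH=$(cat resHack)

    # Account names taken from the "gid: (id/name)" field of the remaining lines
    usernames=$(awk -F "gid:" '{ print $2 }' resHack | awk -F "/" '{ print $2 }' | awk -F ")" '{ print $1 }' | sort -u)

    # Number of remaining lines
    p=$(wc -l < resHack)

    if [ "$p" -ne 0 ]
    then
        # Mail the matching log lines, then suspend every account found
        echo "$texteH" | mail -s "Alerte CGI" yourmail@gmail.com
        for us in $usernames
        do
            /scripts/suspendacct "$us"
        done
    fi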
     
    #1 abdelhost77, May 26, 2013
    Last edited: May 26, 2013
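
Added example, not part of the original post: because the cron script above re-reads the whole day's log on each run, an account unsuspended after review matches again on the next run. This variant remembers how many lines it has already seen and reports only newer entries per account (read from the uid field), without suspending anything. The function name `new_cgi_users`, the state file and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the original poster's script. It only reports; it does
# not suspend anything. Names, paths and sample lines are assumptions.

# cPanel's own CGIs: the same names the script in the post excludes.
ALLOW="suspendedpage.cgi redirect.cgi wredirect.cgi defaultwebpage.cgi templatepreview.cgi"

# new_cgi_users LOG STATE
# Prints "user count" for every account with CGI runs logged after the line
# number saved in STATE, then saves the current line count of LOG in STATE.
new_cgi_users() {
    log=$1
    state=$2
    total=$(( $(wc -l < "$log") ))
    last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    # Fewer lines than last time means the log was rotated: start over.
    if [ "$last" -gt "$total" ]; then last=0; fi
    awk -v first="$((last + 1))" -v upto="$total" -v allow="$ALLOW" '
        BEGIN { n = split(allow, names, " "); for (i = 1; i <= n; i++) skip[names[i]] = 1 }
        NR < first || NR > upto { next }
        # Normal entry: [date time]: uid: (id/user) gid: (id/group) cmd: name
        # suexec error lines lack these fields and are ignored.
        $3 != "uid:" || $5 != "gid:" || $7 != "cmd:" { next }
        ($8 in skip) { next }
        { split($4, part, "/"); user = substr(part[2], 1, length(part[2]) - 1); hits[user]++ }
        END { for (u in hits) print u, hits[u] }
    ' "$log" | sort
    echo "$total" > "$state"
}

# Constructed sample lines in suexec_log format (not real log data).
demo_dir=$(mktemp -d)
cat > "$demo_dir/suexec_log" <<'EOF'
[2013-05-26 10:01:12]: uid: (1001/alice) gid: (1001/alice) cmd: defaultwebpage.cgi
[2013-05-26 10:03:40]: uid: (1002/bob) gid: (1002/bob) cmd: form.pl
[2013-05-26 10:04:02]: uid: (1002/bob) gid: (1002/bob) cmd: form.pl
[2013-05-26 10:05:00]: cannot stat program: (test.cgi)
EOF
first_run=$(new_cgi_users "$demo_dir/suexec_log" "$demo_dir/offset")
echo "first run:  $first_run"
second_run=$(new_cgi_users "$demo_dir/suexec_log" "$demo_dir/offset")
echo "second run: ${second_run:-nothing new}"
```

The output can be mailed for review in place of the raw log lines; whether to call `/scripts/suspendacct` on a reported account stays a separate decision.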