NEW script to protect against Perl and CGI attacks


Apr 25, 2012
First, sorry for my poor English :)

Below I suggest a script that will bring some protection against Perl and CGI attacks. Please don't hesitate to provide opinions and comments.

Prerequisites: SUPHP + SUEXEC

PHP risk can be minimised by SUHOSIN disabled functions, but a tricky hacker can override this by running a Perl, Python or CGI script.

This script can be added to crontab to run every 10 minutes, and will suspend any cPanel account that runs any CGI, Python, bash or Perl script within its account (as the account owner). You will also be alerted by mail, so you can check what script was launched before perhaps unsuspending the account.

The script doesn't consume any CPU or RAM.

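# Today's date in the format used by the suexec_log timestamps
DATE=`date +"%Y-%m-%d"`

# Keep today's suexec entries, then drop the excluded CGI scripts
grep "$DATE" /etc/httpd/logs/suexec_log > dailySuexec
grep -v -E "suspendedpage.cgi|redirect.cgi|wredirect.cgi|defaultwebpage.cgi|templatepreview.cgi" dailySuexec > resHack
texteH=`cat resHack`

# Account name taken from the gid: field; only the first one found is used
username=`awk -F "gid:" '{ print $2 }' resHack | awk -F "/" '{ print $2 }' | awk -F ")" '{ print $1 }'`
us=`echo $username | cut -d" " -f1`

# Number of entries left after the exclusions
p=`cat resHack | wc -l`

# If anything is left, mail the entries and suspend the account
if [ "$p" -ne 0 ]
then
    echo "$texteH" | mail -s "Alerte CGI" [email protected]
    /scripts/suspendacct "$us"
fi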
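
A stricter form of the log filter in the post, as an added example that is not the poster's script: it matches the date only in the leading timestamp, compares the whole command name against the exclusion list, and lists every flagged account instead of only the first. The `suexec_log` line layout, the account-name pattern, the function names and the sample lines are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script.
# Assumed suexec_log line shape (inferred from the awk fields in the post):
#   [YYYY-MM-DD hh:mm:ss]: uid: (1001/alice) gid: (1001/alice) cmd: x.cgi

ALLOWED='suspendedpage.cgi redirect.cgi wredirect.cgi defaultwebpage.cgi templatepreview.cgi'

# usage: flag_users YYYY-MM-DD < suexec_log
# Prints each account that ran a non-allowlisted command that day, once.
flag_users() {
    awk -v day="$1" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # The date must be the timestamp at the start of the line.
        index($0, "[" day " ") != 1 { next }
        {
            p = index($0, " cmd: "); g = index($0, "gid: (")
            if (p == 0 || g == 0) next
            # Compare the whole command name against the allowlist.
            cmd = substr($0, p + 6)
            if (cmd in ok) next
            # Account name: text between "/" and ")" in the gid field.
            user = substr($0, g + 6)
            user = substr(user, index(user, "/") + 1)
            user = substr(user, 1, index(user, ")") - 1)
            # Assumed account-name pattern; anything else is not emitted.
            if (user ~ /^[a-z][a-z0-9]*$/ && !(user in seen)) {
                seen[user] = 1
                print user
            }
        }'
}

# Constructed sample log lines, not taken from a real server.
sample_log() {
    cat <<'EOF'
[2012-04-24 23:59:10]: uid: (1001/alice) gid: (1001/alice) cmd: old.cgi
[2012-04-25 10:00:01]: uid: (1002/bob) gid: (1002/bob) cmd: redirect.cgi
[2012-04-25 10:05:12]: uid: (1001/alice) gid: (1001/alice) cmd: report.pl
[2012-04-25 10:06:40]: uid: (1001/alice) gid: (1001/alice) cmd: report.pl
[2012-04-25 10:07:03]: uid: (1003/carol) gid: (1003/carol) cmd: myredirect.cgi
[2012-04-25 10:08:00]: uid: (1004/dave) gid: (1004/dave) cmd: 2012-04-24.cgi
EOF
}

sample_log | flag_users 2012-04-25    # prints alice, carol, dave (one per line)
```

Each printed name can be reviewed or passed to the suspension step in a loop, so an alert covering several accounts does not act on the first one alone.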
