NEW script to protect against Perl and CGI attacks

Discussion in 'Security' started by abdelhost77, May 26, 2013.

  1. abdelhost77

    abdelhost77 Well-Known Member

    First, sorry for my poor English :)

    I suggest below a script that will bring some protection against Perl and CGI attacks; please don't hesitate to provide opinions, comments...

    Prerequisites: SUPHP + SUEXEC

    PHP risk can be minimised by SUHOSIN disabled functions, but a tricky hacker can override this by running a Perl, Python or CGI script.

    This script can be added to crontab every 10 min, and will suspend any cPanel account that runs any CGI, Python, bash or Perl script within his account (with his account owner). You will also be alerted by mail, so you can check what script has been launched before maybe unsuspending the account.

    The script doesn't consume any CPU or RAM.

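    # Alert recipient (placeholder: no address appears in the post as extracted)
    ALERT_TO="admin@example.com"

    DATE=`date +"%Y-%m-%d"`

    # Today's suexec entries, minus cPanel's own stock CGI scripts
    grep "$DATE" /etc/httpd/logs/suexec_log > dailySuexec
    grep -v -E "suspendedpage.cgi|redirect.cgi|wredirect.cgi|defaultwebpage.cgi|templatepreview.cgi" dailySuexec > resHack
    texteH=`cat resHack`

    # Account name from the "gid: (id/name)" field; only the first one found is kept
    username=`awk -F "gid:" '{ print $2 }' resHack | awk -F "/" '{ print $2 }' | awk -F ")" '{ print $1 }'`
    us=`echo $username | cut -d" " -f1`

    p=`cat resHack|wc -l`

    # Any remaining entry: mail the log lines and suspend that account
    if [ "$p" -ne 0 ]
    then
        echo "$texteH" | mail -s "Alerte CGI" "$ALERT_TO"
        /scripts/suspendacct "$us"
    fi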
    #1 abdelhost77, May 26, 2013
    Last edited: May 26, 2013
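The log check from the post above, as an added example that is not part of the original post or of cPanel: it reports every account that ran a non-stock CGI on a given day (the posted script acts only on the first), and matches the stock names against the whole `cmd:` field. The function names, the report-only behaviour and the sample lines are assumptions made for illustration; the line layout assumed is the standard Apache suexec one.

```bash
#!/bin/bash
# Stock cPanel CGI names, taken from the exclusion list in the post above.
STOCK='suspendedpage\.cgi|redirect\.cgi|wredirect\.cgi|defaultwebpage\.cgi|templatepreview\.cgi'

# flag_cgi_users DATE [LOGFILE]
# Prints "account count" per line for accounts that ran a non-stock CGI on DATE.
flag_cgi_users() {
    local day="$1" log="${2:-/etc/httpd/logs/suexec_log}"
    # 1. keep only lines stamped with DATE
    # 2. drop stock scripts, matching the full cmd field rather than a substring
    # 3. extract the account from "uid: (id/name)"; lines without it are skipped
    # 4. count executions per account
    grep -F "[$day " "$log" \
      | grep -v -E "cmd: ($STOCK)\$" \
      | sed -n 's|.*uid: ([^/]*/\([^)]*\)).*|\1|p' \
      | sort | uniq -c | awk '{ print $2, $1 }'
}

# Constructed sample in suexec_log layout (not real log data).
sample_log() {
cat <<'EOF'
[2013-05-26 10:00:01]: uid: (1001/alice) gid: (1001/alice) cmd: shell.pl
[2013-05-26 10:00:05]: uid: (1002/bob) gid: (1002/bob) cmd: redirect.cgi
[2013-05-26 10:02:11]: uid: (1003/carol) gid: (1003/carol) cmd: form.cgi
[2013-05-26 10:03:40]: uid: (1001/alice) gid: (1001/alice) cmd: myredirect.cgi
[2013-05-25 23:59:59]: uid: (1004/dave) gid: (1004/dave) cmd: old.cgi
[2013-05-26 10:04:00]: cannot stat program: (missing.cgi)
EOF
}

# Demo on the constructed sample; on a server, omit the file argument
# to read /etc/httpd/logs/suexec_log.
tmp=$(mktemp) && sample_log > "$tmp"
flag_cgi_users 2013-05-26 "$tmp"
rm -f "$tmp"
```

The output is a review list for the administrator; suspension with `/scripts/suspendacct` stays a separate, deliberate step per account.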
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

