-NoExecCGI and images

Discussion in 'Security' started by inetbizo, Jan 15, 2011.

  1. inetbizo

    inetbizo Well-Known Member

    We're trying to prevent hackers from uploading Perl scripts into Apache-writable folders in our ecommerce packages. Adding -NoExecCGI disables view of images on the rendered page. What would be a good solution to prevent XSS attacks using Perl from a post to a folder where images are stored?
  2. ModServ

    ModServ Well-Known Member

    This error is a 500 Internal Server Error, because there is nothing named "-NoExecCGI"; it's named "-ExecCGI".

    To allow it you have to put "+ExecCGI"; to disable it, "-ExecCGI".

    You can put these in the main httpd.conf, replacing the current ones in the Directory "/" section:

    PHP:
    <Directory "/">
        # Every option carries a + or - prefix: Apache 2.4 rejects a line that mixes prefixed and bare options
        Options -ExecCGI -FollowSymLinks -Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
        AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch
    </Directory>
    Also, you can simply put a rule into ModSecurity to prevent working with *.pl...
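
Added example, not part of either post: a small Python linter for the two mistakes seen in this thread, an option name Apache does not know (`-NoExecCGI`) and an `Options` line that mixes prefixed and bare keywords. The function names and the sample text are constructed for illustration; the mixed-prefix rule is the one Apache 2.4 enforces.

```python
# Added example: lint Apache "Options" lines in per-directory config text.
# lint_options, lint_text and SAMPLE are illustrative names, not from the thread.

# Keywords accepted by Apache's core Options directive (matched case-insensitively).
VALID = {"all", "none", "execcgi", "followsymlinks", "includes",
         "includesnoexec", "indexes", "multiviews", "symlinksifownermatch"}

def lint_options(line):
    """Return the problems found in a single 'Options ...' line."""
    tokens = line.split()
    if not tokens or tokens[0].lower() != "options":
        return []
    problems, signed, bare = [], 0, 0
    for tok in tokens[1:]:
        if tok[0] in "+-":
            signed += 1
        else:
            bare += 1
        if tok.lstrip("+-").lower() not in VALID:
            problems.append(f"unknown option {tok!r}")
    if signed and bare:
        # Apache 2.4 refuses such a line; prefix every option or none.
        problems.append("mixes +/- prefixed and bare options")
    return problems

def lint_text(text):
    """Lint every Options line in a config or .htaccess body; skip comments."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        findings += [(lineno, p) for p in lint_options(line)]
    return findings

# Constructed sample: the asker's option, the reply's line as posted, a consistent line.
SAMPLE = """\
# image upload directory
Options -NoExecCGI
Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
Options -ExecCGI -Includes +Indexes
"""

if __name__ == "__main__":
    for lineno, problem in lint_text(SAMPLE):
        print(f"line {lineno}: {problem}")
```

.htaccess files are parsed at request time, so a bad `Options` line there surfaces as a 500 error on the affected directory rather than at `apachectl configtest`.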