
-NoExecCGI and images

Discussion in 'Security' started by inetbizo, Jan 15, 2011.

  1. inetbizo

    We're trying to prevent hackers from uploading Perl scripts into Apache-writable folders in our ecommerce packages. Adding -NoExecCGI disables viewing of images on the rendered page. What would be a good solution to prevent XSS attacks using Perl from a post to a folder where images are stored?
     
  2. ModServ

    This error is a 500 Internal Server Error because there isn't anything named "-NoExecCGI"; it's named "-ExecCGI".

    To allow it, you have to put "+ExecCGI"; to disable it, "-ExecCGI".

    You can put these in the main httpd.conf, replacing the current ones in the <Directory "/"> section:

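    PHP:
    <Directory "/">
        # Once any Options keyword carries +/-, every keyword needs one (Apache 2.4 rejects a mix)
        Options -ExecCGI -FollowSymLinks -Includes +IncludesNOEXEC +Indexes -MultiViews +SymLinksIfOwnerMatch
        # Limit which Options a .htaccess file may set
        AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch
    </Directory>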
    Also you can simply put a rule into Mod Security to prevent working with *.pl...
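
The 500 error discussed in this thread comes from an Options keyword Apache does not recognise. The following is an added example, not code from either poster: a small pre-deployment check that flags unknown Options keywords and lines mixing +/- keywords with bare ones. The function name, the sample text and the keyword list (taken from the Apache core documentation) are assumptions of this example.

```python
import re

# Keywords accepted by Apache's Options directive (assumed from the core docs).
VALID_OPTIONS = {
    "all", "none", "execcgi", "followsymlinks", "includes",
    "includesnoexec", "indexes", "multiviews", "symlinksifownermatch",
}

# Constructed sample: an .htaccess-style fragment, not taken from a real server.
SAMPLE = """\
# image upload folder
Options -NoExecCGI
Options -ExecCGI Indexes
Options -ExecCGI -Indexes
"""


def lint_options(config_text):
    """Return (line_number, problem) tuples for every faulty Options line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        # Only the Options directive itself; "AllowOverride Options=..." is skipped.
        match = re.match(r"(?i)options\s+(.+)$", line)
        if not match:
            continue
        tokens = match.group(1).split()
        signed = [t for t in tokens if t[0] in "+-"]
        for tok in tokens:
            # An unknown keyword is a configuration error; in .htaccess that
            # surfaces as a 500 for every request under the directory.
            if tok.lstrip("+-").lower() not in VALID_OPTIONS:
                findings.append((lineno, f"unknown option {tok!r}"))
        # Apache 2.4 refuses a line that mixes signed and bare keywords.
        if signed and len(signed) != len(tokens):
            findings.append((lineno, "mixes +/- keywords with bare keywords"))
    return findings


if __name__ == "__main__":
    for lineno, problem in lint_options(SAMPLE):
        print(f"line {lineno}: {problem}")
```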
     
