The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

security issue :( please quik help

Discussion in 'Security' started by kuwaitnt, May 18, 2006.

  1. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    hello

    i have server with this options :

    apache 1.3..34
    php 4.4.2 (cgi mode) + phpsuexec
    mod_perl
    mod_secureity


    some of our client have upload scripts when i check there are many cgi files upload

    on of theme cgi-telnet.cgi

    http://www.rohitab.com/cgiscripts/cgitelnet.html

    it was work now

    but it wasn't work before i update apache and add mod_perl + phpsuexec


    when i run this scripts and see it

    it was dangrous it can go to root dirs like /var /etc


    so please any help

    to stop cgi shell scripts ??
     
  2. OCX

    OCX Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    232
    Likes Received:
    0
    Trophy Points:
    16
    edit your php.ini file

    find this line
    ====================================================
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names. This directive is
    ; *NOT* affected by whether Safe Mode is turned On or Off.
    disable_functions =
    ===================================================

    put in exec in the disable functions

    disable_functions = exec

    save then restart httpd

    OCX
     
  3. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    iam already disable it :(

    but it was work also
     
  4. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    it was perl script

    not php script


    should i remove mod_perl ??


    or there are other fix
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    OCX suggestion is fine, but you need to do more to secure your server than de-activating certain applications. There are many threads posted in these forums on how to secure your server. Or get professional help!
     
Loading...

Share This Page