Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

security issue :( please quik help

Discussion in 'Security' started by kuwaitnt, May 18, 2006.

  1. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    156
    hello

    i have server with this options :

    apache 1.3..34
    php 4.4.2 (cgi mode) + phpsuexec
    mod_perl
    mod_secureity


    some of our client have upload scripts when i check there are many cgi files upload

    on of theme cgi-telnet.cgi

    http://www.rohitab.com/cgiscripts/cgitelnet.html

    it was work now

    but it wasn't work before i update apache and add mod_perl + phpsuexec


    when i run this scripts and see it

    it was dangrous it can go to root dirs like /var /etc


    so please any help

    to stop cgi shell scripts ??
     
  2. OCX

    OCX Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    232
    Likes Received:
    0
    Trophy Points:
    166
    edit your php.ini file

    find this line
    ====================================================
    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names. This directive is
    ; *NOT* affected by whether Safe Mode is turned On or Off.
    disable_functions =
    ===================================================

    put in exec in the disable functions

    disable_functions = exec

    save then restart httpd

    OCX
     
  3. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    156
    iam already disable it :(

    but it was work also
     
  4. kuwaitnt

    kuwaitnt Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    156
    it was perl script

    not php script


    should i remove mod_perl ??


    or there are other fix
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    OCX suggestion is fine, but you need to do more to secure your server than de-activating certain applications. There are many threads posted in these forums on how to secure your server. Or get professional help!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice