The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone testing for CGI?

Discussion in 'Security' started by BottyZ, Jan 18, 2016.

  1. BottyZ

    BottyZ Member

    Joined:
    Jul 31, 2015
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nottingham UK
    cPanel Access Level:
    Root Administrator
    Hi all,

    Really quick query for you I'd imagine. I've started seeing the occasional cgi error appearing in my error log on the vps, such as the following:

    Code:
    [Sun Jan 17 13:25:19.808822 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] AH01215: (13)Permission denied: exec of '/usr/local/apache/cgi-bin/test-cgi' failed: /usr/local/apache/cgi-bin/test-cgi
    [Sun Jan 17 13:25:19.809020 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] End of script output before headers: test-cgi
    Code:
    [Thu Jan 14 17:20:53.060766 2016] [cgi:error] [pid 15159] [client 76.245.202.19:56494] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php4
    [Thu Jan 14 17:20:53.320570 2016] [cgi:error] [pid 14712] [client 76.245.202.19:56502] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5
    [Thu Jan 14 17:20:54.117204 2016] [cgi:error] [pid 15225] [client 76.245.202.19:56535] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php
    [Thu Jan 14 17:20:54.397840 2016] [cgi:error] [pid 16299] [client 76.245.202.19:56544] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5-cli
    [Thu Jan 14 17:20:55.217138 2016] [cgi:error] [pid 15329] [client 76.245.202.19:56582] AH02811: script not found or unable to stat: /usr/local/cpanel/cgi-sys/php5
    [Thu Jan 14 17:20:55.477713 2016] [cgi:error] [pid 15146] [client 76.245.202.19:56592] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php.fcgi
    [Thu Jan 14 17:20:55.734498 2016] [cgi:error] [pid 16404] [client 76.245.202.19:56605] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/index.cgi
    I don't have any cgi scripts and have disabled them as far as I know. The only user on the vps is for my employers website and is managed by me (so no external users). The error above looks as if someone is attempting to use a cgi script on the vps, but is failing due to the fact its not enabled.

    Is it something to worry about? Would someone have to have already gained access to the vps to be able to even attempt the above?
     
    #1 BottyZ, Jan 18, 2016
    Last edited: Jan 18, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,694
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can block the individual IP addresses in your firewall. I suggest installing a firewall management utility such as CSF if you have not already done so. The requests on their own are not harmful, but rather indicate an access attempt from a person or script that's likely checking for vulnerabilities.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It is likely someone scanning for the old shellshock exploit (which has been patched for some time) but you would need the apache access logs from around that same time to verify.
     
Loading...

Share This Page