Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Someone testing for CGI?

Discussion in 'Security' started by BottyZ, Jan 18, 2016.

  1. BottyZ

    BottyZ Member

    Joined:
    Jul 31, 2015
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nottingham UK
    cPanel Access Level:
    Root Administrator
    Hi all,

    Really quick query for you I'd imagine. I've started seeing the occasional cgi error appearing in my error log on the vps, such as the following:

    Code:
    [Sun Jan 17 13:25:19.808822 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] AH01215: (13)Permission denied: exec of '/usr/local/apache/cgi-bin/test-cgi' failed: /usr/local/apache/cgi-bin/test-cgi
[Sun Jan 17 13:25:19.809020 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] End of script output before headers: test-cgi
    Code:
    [Thu Jan 14 17:20:53.060766 2016] [cgi:error] [pid 15159] [client 76.245.202.19:56494] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php4
[Thu Jan 14 17:20:53.320570 2016] [cgi:error] [pid 14712] [client 76.245.202.19:56502] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5
[Thu Jan 14 17:20:54.117204 2016] [cgi:error] [pid 15225] [client 76.245.202.19:56535] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php
[Thu Jan 14 17:20:54.397840 2016] [cgi:error] [pid 16299] [client 76.245.202.19:56544] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5-cli
[Thu Jan 14 17:20:55.217138 2016] [cgi:error] [pid 15329] [client 76.245.202.19:56582] AH02811: script not found or unable to stat: /usr/local/cpanel/cgi-sys/php5
[Thu Jan 14 17:20:55.477713 2016] [cgi:error] [pid 15146] [client 76.245.202.19:56592] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php.fcgi
[Thu Jan 14 17:20:55.734498 2016] [cgi:error] [pid 16404] [client 76.245.202.19:56605] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/index.cgi
    I don't have any cgi scripts and have disabled them as far as I know. The only user on the vps is for my employers website and is managed by me (so no external users). The error above looks as if someone is attempting to use a cgi script on the vps, but is failing due to the fact its not enabled.

    Is it something to worry about? Would someone have to have already gained access to the vps to be able to even attempt the above?
     
    #1 BottyZ, Jan 18, 2016
    Last edited: Jan 18, 2016
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,409
    Likes Received:
    1,954
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You can block the individual IP addresses in your firewall. I suggest installing a firewall management utility such as CSF if you have not already done so. The requests on their own are not harmful, but rather indicate an access attempt from a person or script that's likely checking for vulnerabilities.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jan 18, 2016
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    It is likely someone scanning for the old shellshock exploit (which has been patched for some time) but you would need the apache access logs from around that same time to verify.
     
    #3 quizknows, Jan 18, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Someone testing
  1. greektranslator

    Give access to someone via SSH key

    greektranslator, Nov 23, 2018, in forum: Security
    Replies:
    2
    Views:
    156
    cPanelLauren
    Nov 26, 2018
  2. keat63

    Testing http2 question

    keat63, Aug 3, 2017, in forum: EasyApache
    Replies:
    7
    Views:
    852
    cPanelMichael
    Sep 25, 2017
  3. albatroz

    black, gray and white box security testing tools for web application testing

    albatroz, Jun 12, 2017, in forum: Security
    Replies:
    1
    Views:
    495
    cPanelMichael
    Jun 13, 2017
  4. cPanelMichael

    Testing FreeTDS for EasyApache 4

    cPanelMichael, Mar 1, 2017, in forum: EasyApache
    Replies:
    29
    Views:
    4,434
    cPanelMichael
    Apr 19, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice