The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone testing for CGI?

Discussion in 'Security' started by BottyZ, Jan 18, 2016.

  1. BottyZ

    BottyZ Member

    Joined:
    Jul 31, 2015
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Nottingham UK
    cPanel Access Level:
    Root Administrator
    Hi all,

    Really quick query for you I'd imagine. I've started seeing the occasional cgi error appearing in my error log on the vps, such as the following:

    Code:
    [Sun Jan 17 13:25:19.808822 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] AH01215: (13)Permission denied: exec of '/usr/local/apache/cgi-bin/test-cgi' failed: /usr/local/apache/cgi-bin/test-cgi
[Sun Jan 17 13:25:19.809020 2016] [cgi:error] [pid 7648] [client 191.236.119.223:1129] End of script output before headers: test-cgi
    Code:
    [Thu Jan 14 17:20:53.060766 2016] [cgi:error] [pid 15159] [client 76.245.202.19:56494] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php4
[Thu Jan 14 17:20:53.320570 2016] [cgi:error] [pid 14712] [client 76.245.202.19:56502] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5
[Thu Jan 14 17:20:54.117204 2016] [cgi:error] [pid 15225] [client 76.245.202.19:56535] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php
[Thu Jan 14 17:20:54.397840 2016] [cgi:error] [pid 16299] [client 76.245.202.19:56544] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php5-cli
[Thu Jan 14 17:20:55.217138 2016] [cgi:error] [pid 15329] [client 76.245.202.19:56582] AH02811: script not found or unable to stat: /usr/local/cpanel/cgi-sys/php5
[Thu Jan 14 17:20:55.477713 2016] [cgi:error] [pid 15146] [client 76.245.202.19:56592] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/php.fcgi
[Thu Jan 14 17:20:55.734498 2016] [cgi:error] [pid 16404] [client 76.245.202.19:56605] AH02811: script not found or unable to stat: /usr/local/apache/cgi-bin/index.cgi
    I don't have any cgi scripts and have disabled them as far as I know. The only user on the vps is for my employers website and is managed by me (so no external users). The error above looks as if someone is attempting to use a cgi script on the vps, but is failing due to the fact its not enabled.

    Is it something to worry about? Would someone have to have already gained access to the vps to be able to even attempt the above?
     
    #1 BottyZ, Jan 18, 2016
    Last edited: Jan 18, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,264
    Likes Received:
    1,195
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can block the individual IP addresses in your firewall. I suggest installing a firewall management utility such as CSF if you have not already done so. The requests on their own are not harmful, but rather indicate an access attempt from a person or script that's likely checking for vulnerabilities.

    Thank you.
     
    #2 cPanelMichael, Jan 18, 2016
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    979
    Likes Received:
    73
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    It is likely someone scanning for the old shellshock exploit (which has been patched for some time) but you would need the apache access logs from around that same time to verify.
     
    #3 quizknows, Jan 18, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Someone testing
  1. cag8f

    How to BCC someone on all outgoing emails from server?

    cag8f, Mar 17, 2016, in forum: E-mail Discussions
    Replies:
    2
    Views:
    714
    Eric
    Mar 20, 2016
  2. Nurs1927

    can I stop someone from displaying my website on his domain?

    Nurs1927, Mar 11, 2016, in forum: General Discussion
    Replies:
    18
    Views:
    849
    Andy766
    Mar 28, 2016
  3. Valetia

    11.54: Disable email notifications when someone logs into cPanel

    Valetia, Feb 6, 2016, in forum: General Discussion
    Replies:
    1
    Views:
    428
    Infopro
    Feb 6, 2016
  4. albatroz

    black, gray and white box security testing tools for web application testing

    albatroz, Jun 12, 2017, in forum: Security
    Replies:
    1
    Views:
    64
    cPanelMichael
    Jun 13, 2017
  5. cPanelMichael

    Testing FreeTDS for EasyApache 4

    cPanelMichael, Mar 1, 2017, in forum: EasyApache
    Replies:
    29
    Views:
    1,652
    cPanelMichael
    Apr 19, 2017

Share This Page