disable CGI

Discussion in 'CGI/Perl/Python' started by bt5, May 25, 2012.

  1. bt5

    bt5 New Member

    Hello,

    i cand find DisableCgiOverride
    "DisableCgiOverride On" in Apache Style Configurations (Admin Console -> Configurations -> Server -> General).

    i have add

    <IfModule litespeed>
    DisableCgiOverride On
    </IfModule>
    to httpd.conf file
    but perl script is working yet

    <Directory "/">
    Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
    AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks
    </Directory>


    perl script work with
    perl.tttt

    and they add this for .httacess
    Options FollowSymLinks MultiViews Indexes ExecCGI

    AddType application/x-httpd-cgi .back

    AddHandler cgi-script .tttt
    AddHandler cgi-script .tttt

    how i can disable it
  2. NiteWave

    NiteWave Administrator

    try: modify it to
    Options FollowSymLinks MultiViews Indexes -ExecCGI
  3. bt5

    bt5 New Member

    not fixed !!!
  4. bt5

    bt5 New Member

    is there any way to stop this
  5. NiteWave

    NiteWave Administrator

    not clear about your environment.
    what's the relationship between "they" and you.

    just for an suggestion: you can set /usr/bin/perl 's permission to disable the ability of user running perl cgi script.
  6. bt5

    bt5 New Member

    they are a hacker, if they run cgi and can break server security
    by change chmod perl alo they can upload new perl file
    and they change line 1 of perl script to new perl file
    #!/home/user/public_html/perl
    like this
  7. NiteWave

    NiteWave Administrator

    now a bit more clear about your environment.

    one more question: is this account belonging to this hacker ? so he can edit .htaccess file. yes, if someone can edit .htaccess, it's very difficult to prevent him to do anything bad further.

Share This Page