disable CGI

#1
Hello,

i cand find DisableCgiOverride
"DisableCgiOverride On" in Apache Style Configurations (Admin Console -> Configurations -> Server -> General).

I have added

<IfModule litespeed>
DisableCgiOverride On
</IfModule>
to the httpd.conf file,
but the Perl script is still working.

<Directory "/">
Options -ExecCGI -FollowSymLinks -Includes IncludesNOEXEC Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,FollowSymLinks
</Directory>


The Perl script works with
perl.tttt

and they added this to .htaccess
Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .back

AddHandler cgi-script .tttt
AddHandler cgi-script .tttt

How can I disable it?
 

NiteWave

Administrator
#5
Not clear about your environment.
and they added this to .htaccess
What's the relationship between "they" and you?

Just a suggestion: you can set /usr/bin/perl's permissions to disable users' ability to run Perl CGI scripts.
 
#6
They are a hacker; if they run CGI, they can break server security.
By changing chmod on perl, they can also upload a new perl file
and change line 1 of the Perl script to the new perl file,
like this:
#!/home/user/public_html/perl
 

NiteWave

Administrator
#7
Now a bit more clear about your environment.

One more question: does this account belong to this hacker, so he can edit the .htaccess file? Yes, if someone can edit .htaccess, it's very difficult to prevent him from doing anything bad further.
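
An audit for the situation described in this thread, as an added example that is not part of the original posts: it walks a document root and reports .htaccess lines that turn CGI execution back on, based on the directives quoted in post #1. The function names, the sample text and the extra SetHandler check are assumptions of this example.

```python
import os
import sys

# Constructed sample: the .htaccess lines quoted in post #1.
SAMPLE = """Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .back

AddHandler cgi-script .tttt
AddHandler cgi-script .tttt
"""

def find_cgi_enablers(text):
    """Return (line_number, kind, line) for each directive that enables CGI."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        tokens = line.split()
        name = tokens[0].lower()
        args = [t.lower().strip('"') for t in tokens[1:]]
        # "ExecCGI" or "+ExecCGI" enables it; "-ExecCGI" does not.
        if name == "options" and any(a.lstrip("+") == "execcgi" for a in args):
            hits.append((lineno, "options-execcgi", line))
        # SetHandler is an assumption of this example (not in the thread).
        elif name in ("addhandler", "sethandler") and args[:1] == ["cgi-script"]:
            hits.append((lineno, "cgi-handler", line))
        elif name == "addtype" and args[:1] == ["application/x-httpd-cgi"]:
            hits.append((lineno, "cgi-mime-type", line))
    return hits

def scan_tree(root):
    """Map each .htaccess path under root to its CGI-enabling lines."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_cgi_enablers(fh.read())
            if hits:
                results[path] = hits
    return results

if __name__ == "__main__":
    # Usage: python scan_htaccess.py /home  (no argument: check the sample)
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": find_cgi_enablers(SAMPLE)}
    for path, hits in found.items():
        for lineno, kind, line in hits:
            print(f"{path}:{lineno}: [{kind}] {line}")
```
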
 