  1. #1
    Join Date
    Oct 2007

    * Problem with .cgi


    I have serious problems with ".cgi" files containing malicious code; the person who has these files is able to send spam through my server without any kind of block. How could I block this type of spam sending with ".cgi" files?

    CentOS 5.2 - 64 bits
    Example of file executed: /usr/bin/perl /home/username/public_html/cgi-bin/erri/coms.cgi

  2. #2
    Join Date
    Jun 2003
    World Wide Web

    Make sure that Apache is compiled with suexec (when compiling Apache, you should include suexec to ensure that CGI applications and scripts run as the user that owns / executes them. This will help identify where malicious scripts are and who is running them. It will also enforce permission and environment controls).

    We also recommend compiling Apache + PHP with suPHP. suPHP forces all PHP scripts to run as the user who owns the script. This means that you will be able to identify the owner of all PHP scripts running on your server. If one is malicious, you will be able to find its owner quickly and resolve the issue.

    Install mod_security (one of the best tools for preventing malicious Apache use is mod_security).

    Confirm /tmp is secured.

    Scan the server thoroughly using the latest scanning tools.

    You need to check the Apache logs and domlogs to find how the script has been uploaded to the server, so that we can close that vulnerability and prevent it from happening again.

    All the above installations and scanning can be done without any downtime.

    Hope this info helps - the name says it all!
    Managed Cloud Servers
    Server Management and Monitoring
    24x7 outsourced customer support

  3. #3
    Join Date
    Oct 2007
    Identifying is not the problem. I have installed mod_security, but how do I configure mod_security to stop this type of file from running? I have one saved; if I send this file to the forum, can you analyze it for me? Or help me configure mod_security.

  4. #4
    Join Date
    May 2005
    Chicago, IL USA

    You might try asking this in the Technical and Security Issues forum.
    ||| Mike Bowers - Marketing Director
    ||| atOmicVPS LTD
    ||| OnApp Powered Linux & Windows Cloud Hosting ► [Shared] ► [Reseller] ► [VPS]
    ||| Follow the atOmicVPS Blog

  5. #5
    Join Date
    Mar 2003
    Moved > Technical & Security Issues.
    Specially 4 You
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  6. #6
    Join Date
    May 2009
    If the account which contained the malicious CGI code was hacked, I would suggest you check the server logs to find how it was injected.

    If it is via FTP, change the mode to passive and tighten the f/w rules. If it was via SSH, disable direct root login and grant bash only to potential customers if it is shared hosting (and that too a jailed shell).

    mod_security uses string comparison and it's difficult to find dynamic content. All you can do is configure mod_sec with common abuse strings.

    Do enable suExec as mentioned by logicsupport.
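
The log check suggested in posts #2 and #6, as an added example that is not part of any poster's reply: it reads Apache combined-format domlog lines, finds the first request to the script, and lists successful POSTs to other paths in the preceding 24 hours as upload candidates. The URL path `/cgi-bin/erri/coms.cgi` assumes `public_html` is the document root; the sample lines, IP addresses and `upload.php` are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache combined log format, as found in per-domain access logs (domlogs).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(lines):
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines instead of aborting the trace
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["path"].split("?", 1)[0]  # compare without query string
        yield e

def trace_script(lines, script, window=timedelta(hours=24)):
    """Return (first request to script, earlier upload candidates, hits per IP)."""
    entries = sorted(parse(lines), key=lambda e: e["ts"])
    hits = [e for e in entries if e["path"] == script]
    if not hits:
        return None, [], Counter()
    first = hits[0]
    # Successful POSTs to other paths shortly before the script was first
    # requested are candidates for how the file reached the account.
    candidates = [e for e in entries
                  if e["method"] == "POST" and e["path"] != script
                  and e["status"].startswith("2")
                  and first["ts"] - window <= e["ts"] < first["ts"]]
    return first, candidates, Counter(e["ip"] for e in hits)

# Constructed sample lines (documentation IP ranges, hypothetical upload.php).
SAMPLE = [
    '198.51.100.7 - - [12/Oct/2009:02:58:11 -0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2009:03:01:40 -0300] "POST /gallery/upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2009:03:02:05 -0300] "GET /cgi-bin/erri/coms.cgi HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2009:03:02:30 -0300] "POST /cgi-bin/erri/coms.cgi?x=1 HTTP/1.1" 200 45 "-" "-"',
    '192.0.2.44 - - [12/Oct/2009:04:15:00 -0300] "POST /cgi-bin/erri/coms.cgi HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.7 - - [12/Oct/2009:05:00:00 -0300] "POST /contact.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    first, candidates, per_ip = trace_script(SAMPLE, "/cgi-bin/erri/coms.cgi")
    print("first request:", first["ts"], first["ip"], first["method"])
    for c in candidates:
        print("upload candidate:", c["ts"], c["ip"], c["path"])
    print("requests per client:", dict(per_ip))
```

An empty candidate list points away from the web server and toward the FTP or SSH access that post #6 mentions.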
