I have a simple question, but have yet to find the solution. People are using files named "whatever.cgi" which allow them to gain root access to pretty much any server. From what I understand they get the hash code and are able to use it to login to whm.
Can someone offer suggestions to resolve this type of attack?
I have suphp, suhosin, safe cgi, modsecurity, clamav, and none of those prevent anything. Even if I disable cgi in apache settings they can still run the script with only a few adjustments.