I would like to dissable from executing perl scripts on user accounts.
For example,now user can upload perl script for example with name script.pl:
Code:
#!/usr/bin/perl -w
print "Hello World!";
I would like to block it via mod_security - I don't want to allow running perl scripts with .pl extension at all. Is it possible for Apache 1.x?
How can pervent users ro run scripts start with #!/usr/bin/perl in anywhere.
Its a big security issue for run shell.
I'm trying to deny from the block of "192.168.1" without much success. Could someone around here divulge the error of my ways?
Here is the exact code I have in my .htaccess file:
Code:
AuthName "Test"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 192.168.1.
</Limit>
Running programs named Perl with Heavy CPU usage, with the ownership of user apache.
We found the problem on Fedora 3 and Fedora 6.
In our case, it was the result of a Trojan activity.
Quick Solution
Check the cron jobs of user apache
crontab -u apache -e
*/1 * * * * perl /tmp/.tmp/tmpfile
delete the cronjob entry.
Also delete the file /tmp/.tmp/tmpfile
also added "apache" to the file /etc/cron.deny
That's all
Problem and solution in detail....
My apache VPS is having a minor problem.
Using SSH, I gave permission to my FTP username with code below:
chown -R user:ftpgroup /home/site
But my WP theme needs to set up that user I use is rewritable and use this code:
chown -R www-data:www-data /home/site
since using a php code to check WP user and it shows www-data.
MY PROBLEM: I need my FTP to able to write cause i use plugin to create backup and change plugin. My theme also need for both to work.
I can't seem to make run together. I can change group or FTP as long as I can have m WP working.
Is there any way to totally block php shell scripts on users accounts, i don't mean like the java shell in cPanel i mean a php shell script like the kind frequently used by hackers...
View 11 Replies View RelatedI am having Virtuozzo vps with cpanel/WHM installed.I have created some accounts in it by setting disk quota . Now the issue is : some users are using space over the allocted one ,when i use the command quota -u (username),i can see that the users are used the space over the allocated one and they are still allowed to upload file . How to fix this issue ?
View 6 Replies View RelatedOn a new server we have running CPanel, we have manually created a user account and when i try and log into mydomain.com/whm with that username/password it doesn't let me.
Now my second thought is that I should be logging into mydomain.com/cpanel rather than mydomain.com/whm but I get a 404 for /cpanel.
If i'm logged in as root, i cannot transfer into the user account cpanel either...
I don't know why, but only one server with Plesk 12 if i create additional ftp accounts not working. i receive error:
530 User cannot log in, home directory inaccessible.
If i use principal FTP account works fine.
Transfer accounts to new server - unlimited quota in all accounts.
I trying
Code:
quotaoff -av
quotaon -av
/scripts/updatenow
/scripts/initquotas
/scripts/fixquotas
Code:
[root@serwer /]# /scripts/updatenow
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Running updatenow manually may cause /scripts to become
out of sync with the cPanel installation. This can cause
a variety of problems.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Code:
[root@serwer /]# /scripts/initquotas
Warning virtual file systems are mounted. Quota's may be counted as double for users who are currently logged in. Please have jailshell users logout before running quotacheck in the future! All jailed users will be logged out in 60 seconds!
Broadcast message from root (Tue Jul 17 19:47:41 2007):
Warning! The system is about to perform quota maintenance. All users will be
logged out in 60 seconds. PLEASE Do not log back in for 30 minutes, or you may
inadvertantly disable your account.
jailshell: no process killed
Quotas are now on
Code:
[root@serwer /]# /scripts/fixquotas
Installing Default Quota Databases......Done
Warning virtual file systems are mounted. Quota's may be counted as double for users who are currently logged in. Please have jailshell users logout before running quotacheck in the future! All jailed users will be logged out in 60 seconds!
Broadcast message from root (Tue Jul 17 19:49:17 2007):
Warning! The system is about to perform quota maintenance. All users will be
logged out in 60 seconds. PLEASE Do not log back in for 30 minutes, or you may
inadvertantly disable your account.
No filesystems with quota detected.
Resetting quota for adamkaro to 1024 M
No filesystems with quota detected.
Resetting quota for adammore to 1024 M
No filesystems with quota detected.
Resetting quota for adamna to 1536 M
No filesystems with quota detected.
Resetting quota for adasmp3 to 1024 M
I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (IE domain.com/support)
If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com
When i was running top -cd2 command following scripts are taking high cup uses on server. But when we are go home directory we didn't find any thing.
24489 "User Name" 20 0 6732 5084 1164 S 8.0 0.2 11:00.69 /usr/bin/perl -w hnc.cgi
26456 "User Name" 20 0 6876 5080 1164 S 8.0 0.2 7:23.47 /usr/bin/perl -w hnc.cgi
32569 "User Name" 20 0 6748 5056 1164 S 7.5 0.2 8:57.30 /usr/bin/perl -w hnc.cgi
update us why this script are running under some particular users and what the application of this script.
I have a website is written by Perl language. I donnt know how to run it.
I installed Activeperl 5.0 and IIS is running. I have heared someone who told me that need to install a software as Emperl/ html-emperl, is it right?
How do you install perl on a centos 5?
View 3 Replies View Relatedi have big problem all Forums in my server hacked by perl symlink see all config.php by shell perl in .txt by include
i solve it by make perl permission 000 but all thing in cpanel stop cause cpanel by perl
A client's server's password was guessed, and the hacker conveniently uninstalled perl. I can't seem to get perl reinstalled. Any ideas on how this would be done? RPM, TAR's and YUM don't work, as they require perl!
Is this going to be a reinstall job?
all we know that perl language its using in alot of scripts and alot of system admins stop it why this why u dont try stopp the problems from it and make ur client have perl to used it in scripts lets try this if some one need to see passwd he will do cat /etc/passwd what about make this chmod 700 /bin/cat and he will used wget to get files what about this chmod 700 /usr/bin/wget and lynx what about chmod 700 /usr/bin/lynx in this case we make root only can using this commands any system admin sure know now the idea and he can use it as he want ,, this secured method not only in perl its in another programing language put i give this as a clear exampel.
View 5 Replies View RelatedI have a Centos VPS with Cpanel. I have begun receiving some email notifications, apparantly from my cpanel... The latest one says that the version of perl I am running is too old.
Subj: [checkperlmodules] perl version too old (v5.8.8 required, v5.8.7 is installed.)
Are there any problems or dire consequences from upgrading or side effects? What version should I upgrade to?
I've been trying to figure this out for about the past week and haven't had any success.
Can't locate funcs.pl in @INC (@INC contains: lib/perl . /usr/lib/perl5/5.8.8/i686-linux /usr/lib/perl5/5.8.8 /usr/lib/perl5/site_perl/5.8.8/i686-linux /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl) at ./terr.pl line 28.
I'm trying to run perl magick.
ive been trying to install it for about 3 hours and ive finally got it working. now, how do i configure it to be nice and secure?
first thing is that i want to restrict which paths people can use in scripts. my site needs to access any paths but site users can only access their own directories. i want the exact same thing as in this thread but with perl instead of php
how do i block certain functions and which ones do i block? i heard perl and php are very similar so im guessing i want to block similar functions to the ones listed here
Tasks: 150 total, 7 running, 143 sleeping, 0 stopped, 0 zombie
Cpu(s): 76.9% us, 23.1% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 1026224k total, 604068k used, 422156k free, 61396k buffers
Swap: 1052248k total, 140736k used, 911512k free, 233200k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
12825 apache 25 0 6752 2040 936 R 33 0.2 1556:57 perl
15338 apache 25 0 7592 4068 1324 R 33 0.4 545:03.58 perl
5817 apache 25 0 6996 4052 1240 R 33 0.4 520:37.18 perl
27139 apache 25 0 6404 4068 1248 R 33 0.4 197:40.96 perl
29176 apache 25 0 7964 4092 1272 R 33 0.4 523:40.92 perl
14785 apache 25 0 7392 4088 1272 R 31 0.4 1158:41 perl
27420 root 16 0 3248 1000 760 R 1 0.1 0:00.04 top
27441 qmaild 16 0 4736 752 604 S 0 0.1 0:00.01 qmail-smtpd
1 root 16 0 1956 96 64 S 0 0.0 0:06.83 init
2 root RT 0 0 0 0 S 0 0.0 0:04.04 migration/0
3 root 34 19 0 0 0 S 0 0.0 0:00.56 ksoftirqd/0
4 root RT 0 0 0 0 S 0 0.0 0:02.36 migration/1
5 root 34 19 0 0 0 S 0 0.0 0:00.47 ksoftirqd/1
6 root 5 -10 0 0 0 S 0 0.0 0:00.12 events/0
7 root 5 -10 0 0 0 S 0 0.0 0:00.05 events/1
8 root 9 -10 0 0 0 S 0 0.0 0:00.00 khelper
9 root 15 -10 0 0 0 S 0 0.0 0:00.00 kacpid
24 root 5 -10 0 0 0 S 0 0.0 0:00.00 kblockd/0
25 root 5 -10 0 0 0 S 0 0.0 0:00.00 kblockd/1
44 root 15 0 0 0 0 S 0 0.0 0:24.16 pdflush
26 root 15 0 0 0 0 S 0 0.0 0:00.00 khubd
46 root 13 -10 0 0 0 S 0 0.0 0:00.00 aio/0
47 root 13 -10 0 0 0 S 0 0.0 0:00.00 aio/1
45 root 15 0 0 0 0 S 0 0.0 2:45.50 kswapd0
193 root 25 0 0 0 0 S 0 0.0 0:00.00 kseriod
308 root 15 0 0 0 0 S 0 0.0 4:29.19 kjournald
1393 root 6 -10 1968 4 0 S 0 0.0 0:00.02 udevd
1912 root 6 -10 0 0 0 S 0 0.0 0:00.00 kauditd
1976 root 7 -10 0 0 0 S 0 0.0 0:00.00 kmirrord
1995 root 22 0 0 0 0 S 0 0.0 0:00.00 kjournald
1996 root 15 0 0 0 0 S 0 0.0 0:01.55 kjournald
1997 root 20 0 0 0 0 S 0 0.0 0:00.00 kjournald
2769 root 15 0 2908 244 176 S 0 0.0 2:48.00 syslogd
2773 root 16 0 3348 196 140 S 0 0.0 0:00.00 klogd
2783 root 16 0 3092 272 208 S 0 0.0 0:08.25 irqbalance
2798 named 16 0 50760 4492 1408 S 0 0.4 2:59.58 named
2852 root 15 0 2664 260 104 S 0 0.0 0:00.13 smartd
2861 root 16 0 5220 380 264 S 0 0.0 0:15.04 sshd
[root@cl-t058-280cl tmp]#
I am suffering with perl scripts attack. Please help me to resolve this issue.
How do I trace what user this is?
Code:
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 9488 nobody 25 0 1612 1280 1108 S 21.1 0.2 619:37 1 perl bodyb3 200.101.193.42 0 5000
I also ran netstat -n and found this:
Code:
udp 15184 0 server.host.com:55936 ns1.datacenter.net:domain ESTABLISHED
How can change perl 5.8.8 to 5.8.7
Now I cant Install any Perl Module use CP.
all show me this :
Testing connection speed...(this could take a while)...Done
Ping:2.016 Testing connection speed to cpan.erlbaum.net using pureperl...(157450.00 bytes/s)...Done
Ping:2.316 Testing connection speed to cpan.belfry.net using pureperl...(157450.00 bytes/s)...Done
Ping:1.911 Testing connection speed to cpan.glines.org using pureperl...(104300.00 bytes/s)...Done
Three usable mirrors located
Mirror Check passed for cpan.erlbaum.net (/index.html)
Unknown config variable 'less'
commit: wrote '/usr/lib/perl5/5.8.8/CPAN/Config.pm'
CPAN: File::HomeDir loaded ok (v0.65)
CPAN: Storable loaded ok (v2.16)
Going to read /home/.cpan/Metadata
Database was generated on Wed, 15 Aug 2007 01:38:08 GMT
Acme:pork is up to date (0.0.7).
perlmod--Install done