How to: secure yourself with (( cgitelnet.pl ))
Posted by X-x-X, 05-04-2007, 09:39 PM It’s very important thing [URL removed] A hacker use this cgi script to access to the server he can access to many important data on hard drive anyone would be kind please tell me how to block it using mod_security rules cuz’ a customer site can have a bug let hacker upload backdoor tools We need a solution to stop that Thank you Last edited by bear; 05-05-2007 at 07:29 AM.
Posted by Linuxsurgeon, 05-04-2007, 11:37 PM Its better to disable shell access for this user. Also try the mod security rules below. Last edited by bear; 05-05-2007 at 10:14 AM. Reason: Switched to code tag for formatting
Posted by X-x-X, 05-05-2007, 05:57 AM how can i disable shell access for this user ?
Posted by bin_asc, 05-05-2007, 07:37 AM If you have cPanel, just go in WHM, and under Account Functions > Manage Shell Access. When there, you should see in the list, under the Shell column the (disabled) warning. That means it`s turned off for the user. If not, then , disable the shell for the user. This was if you have cPanel. If not, then log in SSH, use : to change the details of the user and make sure when creating it`s privileges, don`t add .
Posted by X-x-X, 05-05-2007, 09:30 AM i go to the Manage Shell Access and i find like that : /bin/false and same user have : (disabled)
Posted by bear, 05-05-2007, 10:13 AM Shell access permission isn't needed for that script to gain shell for the user. That's the whole point of it.
Posted by bin_asc, 05-05-2007, 11:20 AM True. Even php shell scripts can bypass safe_mode.
Posted by X-x-X, 05-05-2007, 02:02 PM its enough to add that rules to mod_security ?
Posted by jpetersen, 05-05-2007, 02:55 PM Those rules don't do anything for the cgitelnet script. < > Realize though that they're easily able to be bypassed, and the real solution is finding out how someone was able to get the script on your server in the first place. Last edited by bear; 05-05-2007 at 04:14 PM.
Posted by X-x-X, 05-05-2007, 05:29 PM we need a solution can any guiding as ? how to ?
Posted by jpetersen, 05-05-2007, 07:28 PM Now it's been cross posted, instead of just being linked to.