prevent cgi-script & .htaccess & SQL Injection
Posted by ngham4host, 09-06-2008, 07:02 PM |
Hello,
I have three problems since my server was attacked:
1) SQL injection (How can I prevent SQL injection in the forumhome table? Are there any rules in mod_security, or any way to protect the vBulletin forum from SQL injection in the forumhome table?)
2) How can I prevent users from using these orders to change some of the httpd and PHP settings in the .htaccess file, like:
AddHandler cgi-script .pl
AddHandler cgi-script .cpc
AddHandler cgi-script .txt
AddHandler cgi-script .CH
AddHandler cgi-script .pp
Because they added this to .htaccess, and they can make the CGI scripts work outside the cgi folder.
3) How can I stop all the CGI and Perl scripts on my server?
Best regards,
|
Posted by ngham4host, 09-07-2008, 12:28 PM |
Any help?
Can no one help with that?
|
Posted by HardLayers, 09-07-2008, 01:15 PM |
I solved this problem earlier in this section.
You can do the following in your httpd.conf to disable the execution of CGI-Telnet scripts, which are called Perl shells or whatever.
Search for:
This might not be in the same syntax, but search for something similar.
Add this directive just below the last one.
This way you have disabled all CGI scripts from working in the /home directory.
Regarding the SQL injection question:
Changing the forumhome template is done by hackers using MySQL PHP scripts.
They're being changed directly from the tables in the database when the hacker captures the username and password of the database by symlinking the config.php files.
|
Posted by ngham4host, 09-08-2008, 06:22 PM |
Thanks for your help.
I did that, but it does not work.
As I told you, if I add that code in .htaccess, the CGI scripts work.
How can I prevent anyone from adding this code to .htaccess?
Also, with thanks, about the SQL injection question:
How can I prevent any hacker from reading files on the server, and prevent this command
cat /etc/passwd
on the server?
Best regards,
|
Posted by HardLayers, 09-09-2008, 10:06 AM |
Options -ExecCGI
If you add this to your httpd.conf as I mentioned, there's no way to execute CGI in the /home directory.
After you do that, you have to restart Apache to check whether that's working or not.
|
Posted by ngham4host, 09-09-2008, 12:26 PM |
Thanks.
This is all that I have in my httpd.conf
and it is not working.
Regards,
|
Posted by HardLayers, 09-09-2008, 06:27 PM |
That's weird, man.
I have the following, and CGI Perl doesn't work whatsoever.
By the way,
if you take off the FileInfo from the AllowOverride line,
that will mean that no one could use .htaccess to add lines such as:
But that shouldn't be a problem if you're disabling execution of CGI; you can leave that untouched.
Could you provide me with the following:
1- Are you using SuExec while compiling Apache?
2- What version of Apache are you using?
I'm not so sure if these points are the problem, but I want to compare yours and mine.
Last edited by HardLayers; 09-09-2008 at 06:30 PM.
|
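Added example, not part of the thread and not any poster's code: a small audit script for the two settings discussed above. It lists the .htaccess lines that switch CGI on (AddHandler/SetHandler cgi-script, Options with ExecCGI) and the AllowOverride lines in httpd.conf that let .htaccess files do so. The function names and the sample strings are made up for this illustration.

```python
import os
import re

# .htaccess directives that turn ordinary files into CGI programs.
# Apache honours AddHandler/SetHandler there under AllowOverride FileInfo,
# and Options +ExecCGI under AllowOverride Options; All permits both.
RISKY = [
    ("handler", re.compile(r"^\s*(AddHandler|SetHandler)\s+cgi-script\b", re.I)),
    ("execcgi", re.compile(r"^\s*Options\b.*(?<!-)\bExecCGI\b", re.I)),
]
ALLOW = re.compile(r"^\s*AllowOverride\s+(.*)$", re.I)

# Constructed sample inputs (not taken from anyone's server).
SAMPLE_HTACCESS = "AddHandler cgi-script .txt\nOptions -Indexes +ExecCGI\nOptions -ExecCGI\n"
SAMPLE_CONF = '<Directory "/home">\n  AllowOverride AuthConfig FileInfo Limit\n</Directory>\n'

def scan_htaccess(text):
    """Return (line_no, kind, directive) for every line that enables CGI."""
    return [(no, kind, line.strip())
            for no, line in enumerate(text.splitlines(), 1)
            for kind, rx in RISKY if rx.search(line)]

def scan_tree(root):
    """Scan every .htaccess below root; return {path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                report[path] = hits
    return report

def risky_overrides(conf_text):
    """Return (line_no, classes) for AllowOverride lines that permit the above."""
    out = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = ALLOW.match(line)
        # "Options=..." lists are counted as Options (conservative).
        classes = {t.split("=")[0] for t in m.group(1).lower().split()} if m else set()
        bad = sorted(classes & {"all", "fileinfo", "options"})
        if bad:
            out.append((no, bad))
    return out

if __name__ == "__main__":
    print(scan_htaccess(SAMPLE_HTACCESS))  # two findings: lines 1 and 2
    print(risky_overrides(SAMPLE_CONF))    # FileInfo on line 2
```

Run scan_tree("/home") as root to cover every account, and pass the text of httpd.conf to risky_overrides().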
Posted by ngham4host, 09-10-2008, 08:56 PM |
Thanks a lot.
1- Are you using SuExec while compiling Apache? Yes
What version of Apache are you using? 229
Regards,
|
Posted by HardLayers, 09-10-2008, 10:05 PM |
Weird, man.
Sorry, I don't know how to fix this.
|
Posted by ngham4host, 09-11-2008, 12:02 AM |
Thanks a lot, man, for your help.
Best regards,
|
Posted by ktjm, 09-11-2008, 08:08 AM |
I have this problem too (cgi-bin).
I think we need to disable the AddHandler function in .htaccess?
Please help us!!
|
Posted by JBapt, 09-11-2008, 09:29 AM |
Hi,
Try Got Root (www.gotroot.com). They used to have really good rules to use in mod_security.
|
Posted by devways, 09-12-2008, 04:07 PM |
I don't know whether you are going to activate Perl CGI scripts on your server or not. Anyway, pretty much the only way to disable the use of Perl scripts is to
edit your crontab and add this line:
* * * * * chmod 700 /usr/bin/perl
Regards
|
Posted by ktjm, 09-12-2008, 05:06 PM |
Brother,
if we disable Perl, PHP is disabled too.
We need to disable AddHandler ....
|
Posted by ngham4host, 09-12-2008, 05:09 PM |
That's what we need.
|