Disable CGI scripting on your cPanel server!

We might decide to disable CGI on the server because of the consequences that weak CGI scripts can have on our server security.

If a vulnerability is found and an attacker uploads and runs a CGI script, they can even gain root access to the server.

So how do we disable CGI on a cPanel box running the Apache web server?

You can turn off ExecCGI by unticking it in WHM:

Service Configuration > Apache Configuration > Global Configuration > untick ExecCGI

But even with this configuration in place, normal users can re-enable CGI through a .htaccess file by passing ExecCGI to the 'Options' directive (which you don't disable, as users need it).

So, to make sure your users do not run CGI scripts, you can remove the CGI privilege by modifying the existing accounts on the server:

Home » Account Functions » Modify an Account

When this is in effect, the following is added to the VirtualHost section of the account:

Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
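
To check whether any account is turning CGI back on through .htaccess, as described above, the following audit script can be run on the server. It is an added example, not part of the original post or of cPanel; the function name find_cgi_overrides and the /home root in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example: list .htaccess directives that re-enable CGI execution.
# Usage (the /home root is an assumption):  ./audit_cgi.sh /home

# Matches, case-insensitively and ignoring commented-out lines:
#   Options ExecCGI / +ExecCGI / All   (but not -ExecCGI)
#   AddHandler cgi-script ... / SetHandler cgi-script
CGI_OVERRIDE_RE='^[[:space:]]*(options[[:space:]]+([^#]*[[:space:]])?\+?(execcgi|all)([[:space:]]|$)|(add|set)handler[[:space:]]+cgi-script)'

# Print "file:line:directive" for each match under the given root.
# Always returns 0 so that "no findings" is not treated as an error.
find_cgi_overrides() {
    find "$1" -type f -name .htaccess \
        -exec grep -EinH "$CGI_OVERRIDE_RE" {} + 2>/dev/null || true
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    find_cgi_overrides "$1"
fi
```

Whether a flagged line actually takes effect depends on the AllowOverride setting that applies to that directory, so treat the output as a list of files to review.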

  • J.G.

    Thank you very much. By the way, it is also good to deactivate suexec if the module is loaded, since it manages CGI users. CGI is less and less used today, and for every CGI job it is possible to write a PHP script. So, rather than keeping CGI scripts, we should encourage using only PHP scripts, because CGI scripts can crash any version of Apache still today.

    • ARUN SURESH BABU

      Thank you for the suggestion.

  • 24x7servermanagement

    Thanks for the easy and quick solution

    • ARUN SURESH BABU

      You are most welcome