
Disable CGI scripting on your cPanel server!

We might decide to disable CGI on the server because of the consequences that weak CGI scripts can have on our server security.

If an attacker finds a vulnerability that lets them upload and run a CGI script, they can even gain root access to the server.

So how do you disable CGI on a cPanel box running the Apache web server?

You can turn off ExecCGI by unticking the following option in WHM:

Service Configuration > Apache Configuration > Global Configuration > untick ExecCGI


But even with this setting in effect, ordinary users can re-enable CGI from a .htaccess file by passing ExecCGI to the ‘Options’ directive (which you don’t disable, as users need it).

So, to make sure your users cannot run CGI scripts, you can remove the CGI privilege by modifying the existing accounts on the server:

Home » Account Functions » Modify an Account

When this is in effect, the following is added to the VirtualHost section of the account:

Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
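
To see which accounts already use the .htaccess override described above, this added example (not part of the original post) scans a directory tree for Options lines that enable ExecCGI and for cgi-script handler mappings. The function names, the accounts alice, bob and carol, and the sample tree are constructed for illustration; on a real server you would pass the directory that holds the account home directories (assumed here to be /home).

```shell
#!/bin/sh
# Added example: list .htaccess directives that switch CGI execution back on.

# Print "file:line: directive" for every matching directive under directory $1.
audit_htaccess_cgi() {
    find "$1" -type f -name .htaccess -exec awk '
        # Tolerate CRLF, ignore case, pad with a space so tokens end in whitespace.
        { sub(/\r$/, ""); line = tolower($0) " " }
        line ~ /^[ \t]*#/ { next }                   # skip comments
        # "Options ExecCGI", "Options +ExecCGI" or "Options All" (All includes ExecCGI).
        # "-ExecCGI" does not match: only an optional "+" may precede the name.
        line ~ /^[ \t]*options[ \t]/ && line ~ /[ \t][+]?(execcgi|all)[ \t]/ {
            print FILENAME ":" FNR ": " $0; next
        }
        # Handler mappings that make Apache treat files as CGI programs.
        line ~ /^[ \t]*(addhandler|sethandler)[ \t]+cgi-script/ {
            print FILENAME ":" FNR ": " $0
        }
    ' {} +
}

# Build a constructed sample tree (hypothetical accounts alice, bob, carol).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/public_html" "$root/bob/public_html" \
             "$root/carol/public_html/app"
    printf 'Options +ExecCGI\nAddHandler cgi-script .cgi .pl\n' \
        > "$root/alice/public_html/.htaccess"
    printf 'Options -ExecCGI -Includes\n# Options +ExecCGI\n' \
        > "$root/bob/public_html/.htaccess"
    printf 'options Indexes ExecCGI\r\n' \
        > "$root/carol/public_html/app/.htaccess"
    echo "$root"
}

# Demo run on the constructed tree: alice (2 lines) and carol (1 line) are reported.
sample=$(make_sample_tree)
audit_htaccess_cgi "$sample"
rm -rf "$sample"
```

Each reported line identifies an account directory that relies on its own .htaccess to enable CGI, which is useful to review before and after removing the CGI privilege.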