disable perl suphp

tincboy

I found a shell on one of my hosted domains today, which was uploaded via a WordPress bug.
In the shell it says that Perl is active on my server and can be used. How can I find out if that's true, and how can I disable it while using suPHP?
 
I don't think it works on suPHP, it only works with php_cli

What does perl have to do with suPHP? Is the downloaded PHP shell executing perl commands with system()/exec()? If so, then you might need to disable them in php.ini globally or on a per-user basis.
 
I've disabled many functions in php.ini and they are now blocked, but the shell is showing Perl is On and I guess it's dangerous 'cause Perl can be used to execute abusive code.
 
Hmm, you should really try to execute any perl script in public_html (trigger it from browser)... and see whether or not it will run.

The PHP shell script (which you are referring to) might be checking only the existence of the perl binary... and I would not trust such a script.
 
If you want to block perl from many Users, create some group called (for example):
noperl

And set the perl binary to root:noperl 705.
Add any Users who should not have perl access to the noperl group.

John
 
I've put the code into a test.pl file with 644 permissions and the right owner.
Using a browser to execute that file only shows the source code, both in cgi-bin and outside of it.
Is this the right way to run a Perl script via httpd?
 
Perl files would need to be in the cgi-bin folder. What extension are you using on your files? You will have to end them in .cgi or create an .htaccess in your public_html folder with AddHandler cgi-script .pl

They also need to be executable so they would have to be chmod 750 or 755
 
I'm not 100% sure about it but I believe cgi stuff works everywhere.. do a httpd -l | grep cgi

I've disabled them all

"--disable-cgid" \
"--disable-cgi" \
"--disable-proxy-scgi"

@ /usr/local/directadmin/custombuild/custom/ap2/configure.apache

Also keep in mind that everything done by a cron job is like SSH, so if you want to catch perl, the chmod would be the way, as it can be reached past Apache.
 
I've renamed it to .cgi and now I get error 500.
In the Apache logs I can see the error "Premature end of script headers: test.cgi".
What does it mean? Was it successful in blocking Perl?
Because of cron jobs, I guess blocking Perl via permissions would be better than recompiling httpd, right? (I also run php_cgi, so the crons are being run with the proper user owner.)
 
Do set chmod 755 on perl and check whether the error disappears:

Code:
chmod 755 /usr/bin/perl

If yes, then chmod back to 705:

Code:
chmod 705 /usr/bin/perl

In this case it would mean that you've got perl disabled.
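
The `root:noperl` / `705` setup suggested in this thread works because the system checks only one permission class per process: a member of the file's group gets the group bits (`0`, no access) and never falls through to the "other" bits (`5`). As an added illustration that is not part of the original thread, this shell function models that selection; the uids, gids and the `can_exec` and `report` names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): models how Unix picks ONE permission
# class (owner, group or other) when deciding whether a user may execute a file.
# All uids and gids below are constructed sample values.

NOPERL_GID=1500   # assumed gid of the "noperl" group

# can_exec MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Returns 0 if execution is permitted, 1 if it is denied.
can_exec() {
    mode=$(( 0$1 )); fuid=$2; fgid=$3; uid=$4; gids=$5
    if [ "$uid" -eq 0 ]; then
        # root may execute a file as soon as any execute bit is set
        [ $(( mode & 0111 )) -ne 0 ] && return 0
        return 1
    fi
    if [ "$uid" -eq "$fuid" ]; then
        bits=$(( (mode >> 6) & 7 ))          # owner class
    else
        bits=$(( mode & 7 ))                 # other class, unless a group matches
        for g in $gids; do
            if [ "$g" -eq "$fgid" ]; then
                bits=$(( (mode >> 3) & 7 ))  # group class wins over other
                break
            fi
        done
    fi
    [ $(( bits & 1 )) -ne 0 ] && return 0
    return 1
}

# report LABEL MODE USER_UID "USER_GIDS"  (perl binary owned by root:noperl)
report() {
    if can_exec "$2" 0 "$NOPERL_GID" "$3" "$4"; then verdict=allowed; else verdict=denied; fi
    printf '%-26s mode %s -> %s\n' "$1" "$2" "$verdict"
}

report "user in noperl"     705 1001 "1001 1500"
report "user not in noperl" 705 1002 "1002"
report "user in noperl"     755 1001 "1001 1500"
report "root"               705 0    "0"
```

On a real server, compare the model's inputs with `stat -c '%U:%G %a' /usr/bin/perl` and `id username`.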
 