CGI Access disable
- Thread starter nulkarp
- Start date
nobaloney
NoBaloney Internet Svcs - In Memoriam †
It's not quite that simple. cgi access isn't just a flag somewhere. It's a line in each virtual container in each username's custom httpd.conf file.
I suppose you could write a program that would remove all lines containing cgi-bin from all the user httpd.conf files. And then restart apache.
Note that i don't recommend this unless you're an experienced systems administrator, in which case I don't think you would have asked the question. So in other words, I do NOT recommend you do this, and if you, and follow my instructions, even exactly, and something breaks, it's NOT my fault or my responsibility; you've been warned.
Jeff
I suppose you could write a program that would remove all lines containing cgi-bin from all the user httpd.conf files. And then restart apache.
Note that i don't recommend this unless you're an experienced systems administrator, in which case I don't think you would have asked the question. So in other words, I do NOT recommend you do this, and if you, and follow my instructions, even exactly, and something breaks, it's NOT my fault or my responsibility; you've been warned.
Jeff
nobaloney
NoBaloney Internet Svcs - In Memoriam †
If you're not willing to shut off CGI access or FTP access (and personally, I'm not):
1) Make sure you've got /tmp in it's own partition, mounted noexec.
2) create a Terms of Service document which holds your users responsible for all spam sent through their account.
3) Make sure all your users get the document and know when it takes effect. Also tell them how to use hard-to-guess passwords and make sure they understand that if their account gets used to send spam for ANY reason, they've violated your terms of service.
4) Sign up for an AOL feedback loop here. AOL will then send you copies of ALL emails marked as spam which they get from your server; that's a great early warning for spam because just about all spam lists have AOL addresses on them.
5) When you get the spam find it in your logs, and shut down the user's account.
Note that this is NOT specificallly what I do, but it's certainly a good start.
Generally, do not tolerate users whose accounts send spam, whether it's because they do it intentionally themselves, or simply allow because of poor software choices, or if their software gets hacked, or if their passwords get hacked.
Jeff
1) Make sure you've got /tmp in it's own partition, mounted noexec.
2) create a Terms of Service document which holds your users responsible for all spam sent through their account.
3) Make sure all your users get the document and know when it takes effect. Also tell them how to use hard-to-guess passwords and make sure they understand that if their account gets used to send spam for ANY reason, they've violated your terms of service.
4) Sign up for an AOL feedback loop here. AOL will then send you copies of ALL emails marked as spam which they get from your server; that's a great early warning for spam because just about all spam lists have AOL addresses on them.
5) When you get the spam find it in your logs, and shut down the user's account.
Note that this is NOT specificallly what I do, but it's certainly a good start.
Generally, do not tolerate users whose accounts send spam, whether it's because they do it intentionally themselves, or simply allow because of poor software choices, or if their software gets hacked, or if their passwords get hacked.
Jeff