.pm files readable in CGI-BIN


    We're trying to figure out what we can do about a range of .pm files in the CGI-BIN being readable in the browser.
    We've been alerted to this as a 'security' threat by a server security monitoring service.
    So, firstly, is this normal?

    These files :-

    ab000005.pm
    ac000005.pm
    ad000005.pm
    al000005.pm
    ao000005.pm
    as000005.pm
    ax000005.pm
    cm000005.pm
    dc000005.pm

    are the ones in question

    and secondly, is there anything we can do about this?

    If you browse to any of these files in a CGI BIN (and a quick Google for index lists of actinic cgi-bins shows loads of these) then you can read the file contents in plain text.

    Hope someone can suggest something!
    Thanks

    Jos Medinger

    Tel : 01978 843 962
    www.internetology.co.uk
    Actinic / E-Commerce Hosting, Design & SEO
    ______________________________________

    #2
    Perhaps the permissions are not correct on the cgi-bin folders.


      #3
      hmm - that was the first thing we checked...

      At the moment, they're

      Owner:

      Read : yes
      Write : yes
      Execute : yes

      Group:

      Read : yes
      Write : no
      Execute : yes

      Public:

      Read : yes
      Write : no
      Execute : yes

      which basically equals '755' across the CGI-BIN

      I thought this was perfectly normal until we were advised these files were readable...
      Thanks

      Jos Medinger

      Tel : 01978 843 962
      www.internetology.co.uk
      Actinic / E-Commerce Hosting, Design & SEO
      ______________________________________


        #4
        Sounds like a normal Actinic setup to me, which is why some hosts do not like/won't host Actinic sites.


          #5
          I just checked some of my sites and none are readable on them.


            #6
            Maybe what I've seen is wrong too then. As I understood the whole 777 & 755 permissions is what makes things like this so 'open', so to speak.


              #7
              I get 500s when trying to access either the cgi-bin itself or any files directly that exist within it.


                #8
                Yeah I get 500's too, I think the masses do too as whenever a cgi-bin link is placed on the forum it fails. I'm talking from the Google cached links. Something like this was posted also along the lines of because I am using cgi-bin navigation, Google is indexing the files in the cgi-bin.


                  #9
                  I've just updated the permissions on the .pm files to be 751 (Public non readable) and this has the correct effect at the moment.

                  My worry is though that the next upload will reset these permissions...
                  Thanks

                  Jos Medinger

                  Tel : 01978 843 962
                  www.internetology.co.uk
                  Actinic / E-Commerce Hosting, Design & SEO
                  ______________________________________
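
The fix described in post #9 (755 to 751 on the .pm files) and the worry that the next upload resets it can be handled with a small check that is re-run after every upload. This is an added example, not part of the thread and not Actinic tooling; the function names and the cgi-bin path argument are assumptions, and it assumes, as post #9 observed, that removing the "public" read bit is what stops the web server serving the file.

```shell
#!/bin/sh
# Added example: audit and re-apply "public non-readable" on .pm files
# in a cgi-bin directory (hypothetical helper, run after each upload).

# Print every .pm file under $1 whose "other" read bit is set (e.g. 755).
list_world_readable_pm() {
    find "$1" -type f -name '*.pm' -perm -004 -print
}

# Number of such files, without the padding some wc implementations add.
count_world_readable_pm() {
    list_world_readable_pm "$1" | wc -l | tr -d ' '
}

# Remove only the "other" read bit (755 becomes 751). Owner and group bits
# and all non-.pm files are left alone. Returns non-zero if any .pm file
# is still world-readable afterwards.
lock_pm_files() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type f -name '*.pm' -perm -004 -exec chmod o-r {} +
    [ "$(count_world_readable_pm "$1")" -eq 0 ]
}

# Usage: script audit /path/to/cgi-bin   (list offenders, change nothing)
#        script fix   /path/to/cgi-bin   (strip the read bit and verify)
case "${1:-}" in
    audit) list_world_readable_pm "${2:?cgi-bin path required}" ;;
    fix)   lock_pm_files "${2:?cgi-bin path required}" ;;
esac
```

Running the `audit` form from a scheduled job shows when an upload has put the files back to 755, and the exit status of `fix` can be used to raise an alert if the change did not take.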


                    #10
                    Jos, are you talking about direct access to a file via typing in an address in a browser or Google cached info? If you are talking about direct access in a browser, then something is wrong and I agree with Duncan. Try it on some other sites you've built, see if the same.


                      #11
                      Lee

                      I'm talking about direct access in a browser.

                      Having tried a couple of other sites we have on the same server, they return 500 errors. Something therefore is up with this particular site...

                      We did do some work on 301 redirects with this site a while ago which had an impact across all directories however I wouldn't have expected it to affect the cgi-bin in this way...

                      I'll look into it further and post findings
                      Thanks

                      Jos Medinger

                      Tel : 01978 843 962
                      www.internetology.co.uk
                      Actinic / E-Commerce Hosting, Design & SEO
                      ______________________________________


                        #12
                        Hmm very strange then, especially if others OK on the same server. I'd have said a server issue was next step, but that quashes that idea. The 301's must have a problem or the site needs a purge and refresh possibly, odds on the 301's though I'd say now. Like you say an update is almost certain to change the permissions back.


                          #13
                          as ever a URL would help -
