Gentoo Wiki

Cacti/Hacking_prevention


Hacking prevention

Note: Cacti 0.8.6j and later are not vulnerable to this attack, so the following procedure is no longer necessary.

Older versions of Cacti (cacti-0.8.6i-r1) are vulnerable through the cmd.php file: hackers can use this script to execute shell commands on the remote host. To protect your server against this kind of attack, make a couple of changes to your Apache configuration.

Permit .htaccess override in the cacti directory

In the default configuration, AllowOverride is set to None, so a .htaccess file cannot deny access to cmd.php. Edit /etc/apache2/vhosts.d/00_default_vhost.conf and change this:

   <Directory "/var/www/localhost/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride None
       Order allow,deny
       Allow from all
   </Directory>

to this:

   <Directory "/var/www/localhost/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride Limit
       Order allow,deny
       Allow from all
   </Directory>

Then reload Apache:

/etc/init.d/apache2 reload

Deny access to cmd.php

Then create a .htaccess file in the cacti directory:

nano -w /var/www/localhost/htdocs/cacti/.htaccess

And paste this into it:

<FILES cmd.php>
       Deny from all
</FILES>

When you browse to http://localhost/cacti/cmd.php, you should now get an Access denied error message. Hackers can no longer use this file.
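
An added example (not part of the original wiki page): a static check, in Python, that the two changes above work together, i.e. that the AllowOverride value covering the cacti directory lets the .htaccess deny rule take effect. The function names and sample strings are constructed for illustration, and only plain-path <Directory> blocks are parsed.

```python
import re

# Constructed inputs mirroring the vhost block and .htaccess shown on this page.
VHOST_BEFORE = """<Directory "/var/www/localhost/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""
VHOST_AFTER = VHOST_BEFORE.replace("AllowOverride None", "AllowOverride Limit")
HTACCESS = "<FILES cmd.php>\n    Deny from all\n</FILES>\n"
CACTI_DIR = "/var/www/localhost/htdocs/cacti"

def effective_allowoverride(conf, path):
    """AllowOverride tokens (lowercased) from the most specific plain-path
    <Directory> block covering `path`, or None if no block sets it.
    Wildcard and regex <Directory> forms are not handled."""
    best_len, tokens, current = -1, None, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/")
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current is not None and re.match(r"AllowOverride\s", line, re.I):
            covers = path == current or path.startswith(current + "/")
            if covers and len(current) > best_len:
                best_len, tokens = len(current), line.lower().split()[1:]
    return tokens

def htaccess_denies(htaccess, filename):
    """True if a <Files filename> block contains 'Deny from all'."""
    inside = False
    for raw in htaccess.splitlines():
        line = raw.strip()
        opened = re.match(r'<Files\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            inside = opened.group(1) == filename
        elif re.match(r"</Files>", line, re.I):
            inside = False
        elif inside and re.match(r"Deny\s+from\s+all\s*$", line, re.I):
            return True
    return False

def cmd_php_blocked(conf, htaccess, cacti_dir=CACTI_DIR):
    """Deny in .htaccess only takes effect when AllowOverride has Limit or All."""
    tokens = effective_allowoverride(conf, cacti_dir) or []
    return any(t in ("limit", "all") for t in tokens) and htaccess_denies(htaccess, "cmd.php")
```

With the original vhost block the check reports cmd.php as still reachable even though the .htaccess file exists; it passes only once AllowOverride includes Limit (or All).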


Retrieved from "http://www.gentoo-wiki.info/Cacti/Hacking_prevention"

Last modified: Mon, 03 Dec 2007 09:38:00 +0000 Hits: 7,354