SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2002
    Posts
    64
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Web host disabled perl / cgi outside of cgi-bin... is that really necessary?

    I have been with the same web host for 7 years with mostly only minor/standard issues to date. I noticed a problem the other night with a perl script I was uploading (kept trying to download) and hadn't figured it out until I saw the below email...

    Subject: Emergency Security Updates on server

    Dear Valuable Customer,

    We would like to inform you that due to security reasons we have changed
    couple of settings related to perl and cgi. We have blocked the .cgi .pl
    .plx .ppl .perl scripts using outside of the cgi-bin folder due to security
    purpose,so to use those handlers please keep in cgi-bin folder. By allowing
    these above handlers in other folders spammers are running spam scripts at root
    level folders and sending spam mails from server. Due to this IP is getting
    frequently blocked by email providers. We request you please kindly keep
    handlers in cgi-bin folder.

    Your cooperation in this regard will be appreciated.
    Looks like this was a server wide change... maybe even all their servers are being switched over like this. I believe they have hundreds of servers with ten of thousands of websites (virtual hosting), so this will affect many people.

    Is this really any more secure?

    Can't malicious scripts be run from the cgi-bin too?

    Wouldn't this basically kill someones site/rankings if they were using Movable Type and had to move to /cgi-bin/ ?

    Can't PHP accomplish the same thing?

    I know I have a ton of scripts that will be affected by this and I haven't even begun to try to unravel where they all are. This will be a huge hassle.

    Lastly, having cgi-bin in the URL is not appealing to me at all. I may have to switch over to PHP as my main development tool to avoid these troubles.

    It is pretty uncool they didn't give even 7 days notice for people to switch things over.

    What would you have done if you were the host?

    Thanks,
    Michael

  2. #2
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I pay little for hosting and I can run scripts from any folder. If you don't like this change then move your site to a new host. Its not going to help you to say what we would have done if we were the host.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •