Full Version: Cgitelnet Security problem
vtrung
A hacker used this CGI script to access my server, and now I am looking for a way to block this script from running. Using Cgitelnet, I can access a lot of important data on the hard drive. You can find it here:

http://www.rohitab.com/cgiscripts/cgitelnet.html

Would anyone be kind enough to tell me how to block it? (Thanks.)

My server is running the latest cPanel/RHE3 version, and I also completed this security script located at:

http://forums.servermatrix.com/viewtopic.php?t=15178

Hope to hear any update. Thanks.
klaude
You can search for all instances of cgitelnet.pl on your server and delete them. Throw a warning out to your users about this CGI script and say you'll delete all instances of them.
vtrung
But that does not solve the problem forever; a customer site can have a bug that lets a hacker upload backdoor tools.
Blue|Fusion
That's always a risk.

What you can do to help prevent it, however, is securing the /tmp, /var/tmp, and /dev/shm partitions (where the hacks often get uploaded) and installing mod_security to Apache. It helps prevent some common vulnerabilities.
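
One way to check the /tmp, /var/tmp and /dev/shm hardening mentioned above, as an added example that is not part of the original thread. It assumes "securing" means mounting those paths with the noexec and nosuid options; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options of the upload-prone temp paths.
# Assumption: "secured" means the noexec and nosuid options are set.

# Constructed sample in /proc/mounts format (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /tmp ext3 rw,noexec,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nosuid 0 0
EOF
}

# audit_tmp_mounts [MOUNTS_FILE]   (default /proc/mounts, "-" reads stdin)
# Prints one line per path:
#   OK <path>                  both options present
#   WEAK <path> missing:<opts> mounted, but options are missing
#   NOMOUNT <path>             no mount of its own, inherits the parent's options
# Returns 0 only when every path is OK.
audit_tmp_mounts() {
    mounts_file=${1:-/proc/mounts}
    awk '
        BEGIN {
            n = split("/tmp /var/tmp /dev/shm", paths, " ")
            m = split("noexec nosuid", want, " ")
        }
        # Fields: device mountpoint fstype options dump pass.
        # A later line for the same mount point overrides an earlier one.
        { opts[$2] = $4 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                p = paths[i]
                if (!(p in opts)) { print "NOMOUNT " p; bad = 1; continue }
                missing = ""
                for (j = 1; j <= m; j++)
                    if (("," opts[p] ",") !~ ("," want[j] ","))
                        missing = missing (missing == "" ? "" : ",") want[j]
                if (missing == "") print "OK " p
                else { print "WEAK " p " missing:" missing; bad = 1 }
            }
            exit bad
        }
    ' "$mounts_file"
}

# Demo on the constructed sample; on a live host call: audit_tmp_mounts
sample_mounts | audit_tmp_mounts - || true
```

noexec only blocks direct execution of a file stored on that mount; an interpreter can still be handed a script that lives there, so this check complements the file searches in this thread rather than replacing them.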
HostGeekZ
Well, there's no real way to stop it. You can change the permissions of perl (/usr/bin/perl) so that it cannot be executed, or chown it to a certain group and only add certain users to that group, meaning only privileged users will be able to execute perl. However, I would recommend against this if you use a control panel such as cPanel, since it's bound to break some things in cPanel.

You can search for the files using the find command -> `man find` for more info.

find /home/ -type f -exec grep -i "cgi telnet" {} \; -print

Obviously, change cgi telnet to whatever you want to search for.

Again, man find will tell you more about the different switches, like -name "*.pl" to only search for .pl files or -name "*.cgi" to only search for .cgi files.

That way you are only looking for specific scripts.
kfukasawa
Another option is to have find automatically delete all instances of that script within your '/home' partition.

CODE
find /home/ -iname "cgitelnet.pl" -exec rm -f {} \;