Fixing proxy server
On 18th July, our security team was alerted to a set of vulnerabilities collectively called HTTPoxy. It allows attackers to steal data from CGI enabled web servers.
[ Update 21st July – cPanel released patches for Apache. ]
What is HTTPoxy?
HTTPoxy is a vulnerability in CGI environments that allows an attacker to redirect a web application's outgoing traffic through an arbitrary proxy server. Here's how it works:
Some web applications open outgoing HTTP connections, like fetching periodic weather data, posting data updates, etc. These connections are usually opened directly to the target servers.
However, an environment variable called "HTTP_PROXY" can be used to channel all outbound connections through a specific server. The HTTPoxy vulnerability allows attackers to remotely set this variable and thereby direct all of that traffic through a malicious proxy server.
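To make the mechanism concrete, here is an added Python example (not code from the original post) that mimics the header-to-environment translation a CGI gateway performs: first as a vulnerable gateway that copies every header, then with the mitigation that drops the "Proxy" header before translation. The header values are constructed.

```python
"""Added example: CGI header-to-environment translation and the HTTPoxy fix."""
from typing import Dict, Optional

# Constructed sample request headers (hypothetical values, not from the post).
SAMPLE_HEADERS: Dict[str, str] = {
    "Host": "www.example.test",
    "User-Agent": "curl/7.47.0",
    "Proxy": "http://rogue-proxy.invalid:8080",  # a header no normal client sends
}


def cgi_meta_variable(header_name: str) -> str:
    """RFC 3875 naming rule: 'HTTP_' + header name upper-cased, '-' becomes '_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_cgi_env(headers: Dict[str, str], block_proxy: bool = False) -> Dict[str, str]:
    """Translate request headers into the CGI environment handed to the script.

    block_proxy=False mirrors a vulnerable gateway: every header is copied, so a
    client-supplied 'Proxy:' header lands in the script's environment as HTTP_PROXY,
    the very name HTTP client libraries read to pick an outbound proxy.
    block_proxy=True mirrors the mitigation: discard the 'Proxy' header before it
    is ever translated, so HTTP_PROXY can only come from the server's own config.
    """
    env: Dict[str, str] = {}
    for name, value in headers.items():
        if block_proxy and name.lower() == "proxy":
            continue
        env[cgi_meta_variable(name)] = value
    return env


def outbound_proxy_for(env: Dict[str, str]) -> Optional[str]:
    """Proxy an HTTP client inside the CGI script would honour (None = direct)."""
    return env.get("HTTP_PROXY")


if __name__ == "__main__":
    for hardened in (False, True):
        env = build_cgi_env(SAMPLE_HEADERS, block_proxy=hardened)
        print(f"block_proxy={hardened}: outbound proxy = {outbound_proxy_for(env)}")
```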
Are your servers vulnerable?
To test if your servers are vulnerable, create a file called test.cgi in the "cgi-bin" directory of any domain. Put the following content in it, give it 755 permissions and the right ownership:

#!/bin/sh
# Print the HTTP_PROXY variable exactly as the CGI process sees it
echo "Content-Type: text/plain"
echo
echo "HTTP_PROXY='$HTTP_PROXY'"

Then access the script with a "Proxy:" header, like this (replace <your-domain> with the domain you created the file under):

curl -H 'Proxy: AFFECTED' http://<your-domain>/cgi-bin/test.cgi

If you see the output HTTP_PROXY='AFFECTED', then your server is vulnerable.
Is there an easier way to know?
Many web servers pass this header through to CGI applications as HTTP_PROXY. For example, if you run a LAMP stack, chances are you use mod_php or PHP-FPM in its default configuration, which allows this header through.
So the rule of thumb is: if your server is CGI enabled and is a default installation, consider it vulnerable.
This is especially true if you are a web hosting provider. Control panels like cPanel/WHM, Plesk, DirectAdmin, etc. allow you to run PHP apps in CGI mode.
We can help you patch your servers, do a full-site security testing and secure your services from attacks.
Emergency services provided at $49/hr
Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.