Fixing proxy server
On 18th July, our security team was alerted to a series of vulnerabilities called HTTPoxy. It allows attackers to steal data from CGI-enabled web servers.
[ Update 21st July – cPanel released patches for Apache. ]
What is HTTPoxy?
HTTPoxy is a vulnerability in CGI environments that allows an attacker to redirect a web application's outgoing HTTP traffic through an arbitrary proxy server. Here's how it works:
Some web applications open outgoing HTTP connections, like fetching periodic weather data, posting data updates, etc. These connections are usually opened directly to the target servers.
However, an environment variable called "HTTP_PROXY" can be used to channel all outbound connections through a specific proxy server. Under CGI, the incoming request's "Proxy:" header is copied into that HTTP_PROXY variable, so the HTTPoxy vulnerability allows attackers to set it remotely and direct all of the application's outbound traffic through a malicious proxy server.
Are your servers vulnerable?
To test if your servers are vulnerable, create a file called test.cgi in the "cgi-bin" directory of any domain. Put the following content in it, give it 755 permissions and the right ownership.
#!/bin/sh
echo "Content-Type: text/plain"
echo
echo "HTTP_PROXY='$HTTP_PROXY'"
Then access the script with a "Proxy:" header, like this (replace the placeholder host with your own domain):
curl -H 'Proxy: AFFECTED' http://<your-domain>/cgi-bin/test.cgi
If you see the output HTTP_PROXY='AFFECTED', then your server is vulnerable.
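The mechanism behind the test above, as an added example that is not part of the original post: a CGI gateway turns every request header into an HTTP_* environment variable, so a client-supplied "Proxy:" header becomes HTTP_PROXY. The script below simulates that mapping offline with a constructed request, beside a hardened variant that drops the Proxy header before the mapping (the same effect as Apache's "RequestHeader unset Proxy early" or nginx's fastcgi_param HTTP_PROXY ""). The function names and the sample request are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Simulates how a CGI
# gateway maps request headers to environment variables (RFC 3875 style)
# and how dropping the "Proxy" header closes the HTTPoxy hole.

# cgi_env_name: HTTP header name -> CGI meta-variable name
# (upper-case, '-' becomes '_', prefixed with HTTP_). "Proxy" -> HTTP_PROXY.
cgi_env_name() {
  printf 'HTTP_%s' "$(printf '%s' "$1" | tr 'a-z-' 'A-Z_')"
}

# vulnerable_gateway: maps every header, including "Proxy", so an attacker's
# header value lands in HTTP_PROXY, which many HTTP client libraries honor.
# Input: "Name: value" lines on stdin. Output: NAME=value lines.
vulnerable_gateway() {
  while IFS= read -r line; do
    name=${line%%:*}
    value=${line#*:}
    value=${value# }
    printf '%s=%s\n' "$(cgi_env_name "$name")" "$value"
  done
}

# hardened_gateway: identical mapping, but the "Proxy" header is discarded
# first. There is no standard "Proxy" request header, so nothing legitimate
# is lost.
hardened_gateway() {
  grep -iv '^Proxy:' | vulnerable_gateway
}

# http_proxy_from: print the HTTP_PROXY value a gateway produced, or nothing.
http_proxy_from() {
  sed -n 's/^HTTP_PROXY=//p'
}

# Constructed sample request (hypothetical hosts), as a defender would see it
# in a probe against the test.cgi script from the post.
CONSTRUCTED_REQUEST='Host: example.test
User-Agent: curl/7.x
Proxy: attacker-controlled.test:8080'

# Stand-alone run: show what each gateway hands to the CGI application.
printf 'vulnerable gateway: HTTP_PROXY=%s\n' \
  "$(printf '%s\n' "$CONSTRUCTED_REQUEST" | vulnerable_gateway | http_proxy_from)"
printf 'hardened gateway:   HTTP_PROXY=%s\n' \
  "$(printf '%s\n' "$CONSTRUCTED_REQUEST" | hardened_gateway | http_proxy_from)"
```

Running it prints the attacker-supplied proxy for the vulnerable gateway and an empty value for the hardened one. On a real server the equivalent check is the curl probe above; the equivalent fix is to drop the Proxy header at the web server or strip HTTP_PROXY before it reaches the CGI or FastCGI process.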
Is there an easier way to know?
A lot of web servers pass the "Proxy:" header through to CGI applications as HTTP_PROXY. For example, if you have a LAMP stack, chances are you are using mod_php or PHP-FPM in its default configuration, which allows this header.
So the rule of thumb is: if your server is CGI-enabled and is a default installation, consider it vulnerable.
This is especially true if you are a web hosting provider. Control panels like cPanel/WHM, Plesk, DirectAdmin, etc. allow you to run PHP apps in CGI mode.
We can help you patch your servers, perform full-site security testing and secure your services from attacks.
Emergency services provided at $49/hr
Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.