.

Disabling wget?

<<

clanggedin

Newbie
Newbie

Posts: 17

Joined: Thu May 27, 2010 12:51 pm

Post Thu May 27, 2010 11:41 pm

Disabling wget?

I work for a large web hosting company.. I wont give the name, but I see on a daily basis accounts getting hacked either for phishing or blackhat-seo. The vast majority of the sites are either running Joomla or Wordpress. One thing that a few of us that work there have been talking about is disabling 'wget'. Most of the hacks that I see use wget to install a shell, bot or proxy onto the account. We use cpanel as our backend mgmt tool for the client. I know Fantastico uses wget, which we are in the process of phasing out anyways and I know that some programs recommend wget to install their software, as well a some cron jobs use them.

It seems that an account gets hacked, then deactivated by our Abuse department only to get reinstated without it getting really cleaned out. The site gets hacked again hours later then deactivated and this process goes on until we tell the customer to find another host. Removing wget may help less sites get hacked and save us $$ in the long run.

Are there any other 'cons' to removing wget that I am not aware of?
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Fri May 28, 2010 8:14 am

Re: Disabling wget?

Change the permission to 700. This way only root will be able to execute it. More specifically, you should use the following command
  Code:
chmod 700 `which wget` && chattr +i `which wget`


They can always use 'curl'. Better to 700 it too.
A little Google fu would've helped you here http://redhatvn.net/disable-wget#more-37
Last edited by Xen on Fri May 28, 2010 8:22 am, edited 1 time in total.
<<

clanggedin

Newbie
Newbie

Posts: 17

Joined: Thu May 27, 2010 12:51 pm

Post Fri May 28, 2010 9:03 am

Re: Disabling wget?

Yes... We know how to disable wget. My question is what would the ramifications be if we disabled wget for our customers?

Would it be something that security experts recommend doing?
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri May 28, 2010 11:07 am

Re: Disabling wget?

That's a tricky question. Since Wget is used to mostly get data. I can't speak for other security pros, but I wouldn't disable it out right.

Most of your customers probably don't use it, and those that do use it will complain. It's the ones that would complain you need to watch out for.

I (imho) would make an addendum to the AUP and require users to have to OPT in to use it. Explain why it's being disabled, and require the customer to request the tool. It's pretty standard on most distros now days.

2 things get accomplished. Customer training, and patching a whole while not getting more complaints from users.

I'm sure some people will probably disagree with me.
OSWP, Sec+
<<

SecMan

Newbie
Newbie

Posts: 17

Joined: Thu Dec 25, 2008 8:57 am

Post Mon May 31, 2010 2:48 am

Re: Disabling wget?

Instead of disabling, why not replace it with a script/binary that sends you an alert when it is used?  Rename the original wget with wget2 or something like that and tell your users to use it instead.  That way, you get automated alerts if a malicious user or script tries to use it.  You can do the same with curl as well since wget + curl are the most popular tools for downloading using the cli.

Return to Other

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software