Disable wget
(1 votes, average: 3 out of 5)
Loading ...wget is one of the largest threats for your server security. A single abuser that gains access to wget can download and run any script that he wants, totally compromising your server.
It is highly recommended that you allow only root to use wget and you restrict all other users from it.
- Login to your server as root
- Run the fallowing command
chmod 0700 /usr/bin/wget
Please note that disabling wget might cause some scripts to stop working. A known problem is that Fantastico will stop updating after this. The solution is pretty easy…
Before you disable wget make sure that you do a copy of it with the initial permissions. You can use any name that you want, the fallowing is just an example:
cp /usr/bin/wget /usr/bin/wget_secret
In the Fantastico configuration input the location to wget as:
/usr/bin/wget_secret
If for some reason you you want to revert the change you simply have to do:
chmod 0711 /usr/bin/wget
If you have any questions or suggestions please leave a comment.
If you enjoyed this post, make sure you subscribe to my RSS feed!
- November 6th
well… there are like 500 different ways to download things on linux..
wget
curl
ftp/ncftp/lftp/etc..
the different scripting languages can all do networking.. php, python, perl, etc..
you can even do it in pure bash.. like this:
exec 3 /dev/tcp/127.0.0.1/80
echo “GET /index.html HTTP/1.0″ 1>&3
echo 1>&3
while read 0<&3; do echo $REPLY; done
so only removing wget is just plugging one small hole in your very leaky bucket..
I can’t believe this “advice” exists.
kake you are perfectly right. This is just one level in the server security.