Disabling cURL - Pros and Cons
Hello cPanel team, we have noticed a surge of brute force attacks using cURL and thus bypassing traditional lockouts on some of our CMS installations.
I know we can disable cURL through php.ini and the Apache compiler, however I would like to know whether or not it is recommended to leave cURL active (as we would like to prevent any loss of service).
Would disabling cURL be an unwise decision?
-
A lot of stuff needs cURL. Are you saying the remote user agent is cURL? If so, removing it from your local system won't make a difference. Logs would help. 0 -
[quote="intrinsic, post: 1551401">Hello cPanel team, we have noticed a surge of brute force attacks using cURL and thus bypassing traditional lockouts on some of our CMS installations.
Could you elaborate a little more on the nature of the attack? For instance, how exactly was cURL used to bypass existing security policies? Thank you.0
Please sign in to leave a comment.
Comments
2 comments