Tuesday, July 13, 2010

How to disable wget

SkyHi @ Tuesday, July 13, 2010
wget is one of the largest threats for your server security. A single abuser that gains access to wget can download and run any script that he wants, totally compromising your server.

It is highly recommended that you allow only root to use wget and you restrict all other users from it.

1. Login to your server as root

2. Run the fallowing command

chmod 0700 /usr/bin/wget

Please note that disabling wget might cause some scripts to stop working. A known problem is that Fantastico will stop updating after this. The solution is pretty easy…

Before you disable wget make sure that you do a copy of it with the initial permissions. You can use any name that you want, the following is just an example:

cp /usr/bin/wget /usr/bin/wget_secret

In the Fantastico configuration input the location to wget as:


If for some reason you you want to revert the change you simply have to do:

chmod 0711 /usr/bin/wget


I make it a habbit on my systems to chmod 700 some of the keyfiles
like wget, netstat. Also a good idea to set your /tmp to noexec.


there are alot of ways to get a file in the server i am ussualy using
this one

chmod 750 /usr/bin/rcp

chmod 750 /usr/bin/wget

chmod 750 /usr/bin/lynx

chmod 750 /usr/bin/links

chmod 750 /usr/bin/scp

chmod 750 /usr/bin/nc

chmod 750 /usr/bin/elinks

chmod 750 /usr/bin/curl

rm -rf /etc/httpd/proxy/

chmod 000 /var/mail/vbox

rm -rf /usr/local/apache/proxy

chmod 700 /usr/bin/lwp-*

chmod 750 /usr/bin/GET

chmod 750 /usr/bin/curl


Install LES, which will chmod/chattr most of these binarys for you.