Security

 
Xyem (Young One; joined 03 Jan 2005; posts: 54; reputation: 17.4)
Posted: Sat Apr 09, 2005 5:56 pm

I know this is only loosely Perl/Bot related but this is the only place I know where I can find advice about such things.

Basic gist of my problem is that I am running an Apache server on one of my computers (running Windows) to host my friends' websites and bots. For the bot side I needed CGI to be executed, which I have done and it works fine.

However, I thought today that accessing outside the server directories was possible and wondered if more could be done, so I uploaded a test script that would make a directory on c: and accessed it. It worked. I then proceeded to use the same script to delete it, which also worked. This would be a very easy and obvious method for deleting my windows/user websites directory and thus bring my server down or cause major inconvenience to those using my server.

I would like to know how I can stop this from happening (such as stopping system(); from being executed or something along those lines).

Currently, executable script is exclusively available to only myself and one other person who I trust (luckily) but I would like to know that my CGI is secure and my computer is safe should I allow others to use CGI whom I may not have so much trust in.

All help is appreciated,
Xyem

Mojave (Almost An Agent; joined 01 Nov 2003; posts: 1434; reputation: 66.4)
Posted: Sat Apr 09, 2005 7:53 pm

I don't get this exactly. It sounds like you have a CGI that lets a user enter an arbitrary command that is run via system(). This is not an Apache or Perl security problem, this is a huge security hole in your script. It's similar to allowing a user to eval any Perl code they want. It's very bad!

You shouldn't have CGIs that allow people to delete or create paths or files. If your CGI builds a site or something like that, then it should be strictly contained.
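
An added example, not part of the original thread: one way a CGI that creates or deletes site directories can be kept "strictly contained" as described in the reply above, using Perl built-ins rather than system(). The function names, the allowlist pattern and the temporary base directory are assumptions made for illustration.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Map a user-supplied site name to a directory directly under $base.
# Returns nothing (undef) when the name is not acceptable.
sub contained_path {
    my ($base, $name) = @_;
    # Allowlist: a single path component of letters, digits, '_' or '-'.
    # Dots, slashes, backslashes and drive letters never match, so
    # "..", "/etc" or "c:\windows" cannot reach the filesystem calls.
    return unless defined $name && $name =~ /\A([A-Za-z0-9_-]{1,32})\z/;
    my $candidate = File::Spec->catdir($base, $1);
    # Refuse an existing entry that is a symbolic link pointing elsewhere.
    return if -l $candidate;
    return $candidate;
}

# Carry out one of a fixed set of actions. No shell is started and no
# user text is ever interpreted as a command.
sub handle_request {
    my ($base, $action, $name) = @_;
    my $dir = contained_path($base, $name)
        or return "rejected: invalid site name";
    if ($action eq 'create') {
        return mkdir($dir) ? "created" : "failed: $!";
    }
    if ($action eq 'delete') {
        # rmdir only removes an empty directory.
        return rmdir($dir) ? "deleted" : "failed: $!";
    }
    return "rejected: unknown action";
}

# Constructed sample requests; the temporary directory stands in for
# the directory that holds the hosted sites.
my $base = tempdir(CLEANUP => 1);
my @requests = (
    ['create', 'alice'],
    ['create', '../../windows'],
    ['delete', 'c:\\windows'],
    ['format', 'alice'],
    ['delete', 'alice'],
);
for my $req (@requests) {
    printf "%-7s %-16s => %s\n", @$req, handle_request($base, @$req);
}
```

This confines what one script does with the input it receives. It does not limit what a script uploaded by another user can do, which depends on the account the web server runs under.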