CGI - Hacking?

Hey guys!

I have a quick question.
A customer of mine has claimed that he has been hacked via CGI scripts (namely entropymail.cgi IIRC). Anyhow, this user claims that someone has gone in, run a command which tarred up their whole home dir and then moved it to a place that someone could download it (i.e. into the public_html folder).

First of all, is this plausible?
Here's what the hacker allegedly used:
Code:
entropymail.cgi?|tar -cf user.tar /home/user/|
Now, I am sceptical that it would be so easy to hack something which is built into cPanel (I know for a fact this user hadn't installed/used anything), but there's also the possibility that they have signed up for an account themselves (the hacker, that is) and they have then used the aforementioned CGI thing to exploit this user's site.

What I want to know is: is this possible and, if so, how would I go about fixing this massive security hole?

- MARK
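
A defensive check for the request shape quoted in the post, as an added example that is not part of the original thread: it scans Apache combined-format access log lines for CGI requests whose URL-decoded query string contains shell metacharacters. The log lines, client addresses, the `/cgi-bin/` path and the name `find_suspicious` are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Client address, request target and status from an Apache "combined" log line.
# The target is matched lazily because a raw request may contain unencoded spaces.
REQUEST_RE = re.compile(
    r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?)(?: HTTP/[\d.]+)?" (\d{3})'
)

# Characters that a shell treats as command separators, pipes, substitution or
# redirection. "&" is left out because it is the normal query-string separator.
SHELL_META = re.compile(r'[|;`<>]|\$\(')

def find_suspicious(lines):
    """Return (line_no, client, path, decoded_query, status) for each CGI
    request whose query string carries shell metacharacters."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path, sep, query = target.partition("?")
        if not sep or not path.lower().endswith((".cgi", ".pl")):
            continue
        # Decode first so that %7C is caught the same way as a literal "|".
        decoded = unquote_plus(query)
        if SHELL_META.search(decoded):
            hits.append((n, client, path, decoded, int(status)))
    return hits

# Constructed sample log: line 2 is the request quoted in the post, line 3 is
# the same request percent-encoded, lines 1 and 4 are ordinary traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2005:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2005:10:03:44 +0000] "GET /cgi-bin/entropymail.cgi?|tar -cf user.tar /home/user/| HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.7 - - [12/Mar/2005:10:04:10 +0000] "GET /cgi-bin/entropymail.cgi?%7Ctar%20-cf%20user.tar%20/home/user/%7C HTTP/1.0" 200 298 "-" "-"',
    '203.0.113.5 - - [12/Mar/2005:10:05:00 +0000] "GET /cgi-bin/search.cgi?q=security&page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, client, path, query, status in find_suspicious(SAMPLE_LOG):
        print(f"line {n}: {client} -> {path} status={status} query={query!r}")
```

A hit only shows that such a request was made; whether the script actually handed the query string to a shell has to be confirmed from the script's source.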

 

 

 

 
