Portal Home > Knowledgebase > Articles Database > What is this perl running on my website?
What is this perl running on my website?
| Posted by oozypal, 03-08-2011, 10:21 AM |
| Hello
What is this perl running on my website?
How can I terminate it?
Attached Thumbnails
|
| Posted by Patrick, 03-08-2011, 10:33 AM |
| Is it running as the user, or as nobody or as root? If it's running as the user you can do a pkill -u user via SSH to kill all of your processes; it will also log you out of SSH. You will then have to determine where it came from, in some cases it could be something malicious... You'll want to check your website access logs and the Apache suexec log to see if anything helpful has been recorded. Also look around your public_html directory, cgi-bin directory, etc, for any unusual files.
|
| Posted by Hillockhosting, 03-08-2011, 10:39 AM |
| cd /tmp
ls -al *.pl
and check if any bot script is present and remove it
|
| Posted by oozypal, 03-08-2011, 10:53 AM |
| ls -al *.pl
returns none
I tried to kill the process with pkill -u user
and no help
|
| Posted by YUPAPA, 03-08-2011, 11:27 AM |
| Do an lsof and see the open files.
That's what I usually do when I come across something like this. Don't kill anything until you are sure where this originate from. You're wiping out the evidence if you kill.
|
| Posted by kevinnivek, 03-08-2011, 05:39 PM |
| ls -la /tmp , perl scripts dont have to be .pl to run. Sometimes people name the scripts with the .txt extension.
View anything suspicious , and ensure all the software on your server is up to date. Consider employing mod_security.
|
Add to Favourites 
Print this Article
Also Read
