
Re: Something I found on my site

by rjt (Curate)
on Apr 25, 2014 at 20:07 UTC

in reply to Something I found on my site

This does look like an attempt at some sort of exploit—more likely a probe to check for vulnerable servers to plant the real attacks on later.

It tries to disguise itself as lynx (a text-based browser) in the process list, a weak measure, perhaps, but a pretty sure sign their intentions are less than pure.

Then it tries to open a TCP socket to $ARGV[0] on port $ARGV[1] and reopen the 3 standard streams, and send your kernel version and the local user ID and groups to the remote server, and try to start a (remote) shell. Quite possibly the $target is a machine controlled by the attackers.

Whether you should be worried or not? I dunno, that depends on how it got there and whether you can identify the target and the perpetrators.

That, and they didn't use strict. Bastards.

use strict; use warnings; omitted for brevity.
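
Added example (not part of the original thread, and not the script that was found): a Python triage check for the two behaviours the reply above describes, a Perl process presenting itself under another name and standard streams reopened on a socket. It assumes Linux /proc and that the disguise works by overwriting argv[0], as assigning to Perl's $0 does; the function names and sample records are constructed for illustration.

```python
import os

def triage(exe, cmdline, fds):
    """Return reasons a process matches the behaviour described in the post.

    exe     -- target of /proc/PID/exe
    cmdline -- raw bytes of /proc/PID/cmdline (NUL-separated argv)
    fds     -- {0: target, 1: target, 2: target} from /proc/PID/fd
    """
    reasons = []
    binary = os.path.basename(exe.replace(" (deleted)", ""))
    argv0 = cmdline.split(b"\0", 1)[0].decode("utf-8", "replace")
    claimed = os.path.basename(argv0.split(" ", 1)[0]).lstrip("-")
    # The real binary is perl, but the process list shows some other name.
    if binary.startswith("perl") and not claimed.startswith("perl"):
        reasons.append(f"perl binary reports itself as {claimed!r}")
    # All three standard streams point at a network socket.
    if fds and all(fds.get(n, "").startswith("socket:") for n in (0, 1, 2)):
        reasons.append("stdin/stdout/stderr are all sockets")
    return reasons

def read_proc(pid):
    """Collect the three inputs for one live Linux process (needs read access)."""
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as fh:
        cmdline = fh.read()
    fds = {n: os.readlink(f"{base}/fd/{n}") for n in (0, 1, 2)}
    return os.readlink(f"{base}/exe"), cmdline, fds

def scan():
    """Triage every process we are allowed to inspect."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            reasons = triage(*read_proc(pid))
        except OSError:  # exited, kernel thread, or not readable by us
            continue
        if reasons:
            hits[int(pid)] = reasons
    return hits

# Constructed records, not taken from the original post.
SOCK = {0: "socket:[51234]", 1: "socket:[51234]", 2: "socket:[51234]"}
TTY = {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}
SAMPLES = {"disguised": ("/usr/bin/perl", b"lynx\0", SOCK),
           "normal": ("/usr/bin/perl", b"/usr/bin/perl\0./report.pl\0", TTY)}

if __name__ == "__main__":
    for pid, reasons in scan().items():
        print(pid, "; ".join(reasons))
```

Services started by inetd-style supervisors legitimately have their standard streams on sockets, so the second signal is a prompt for a closer look rather than a verdict on its own.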

Replies are listed 'Best First'.
Re^2: Something I found on my site
by kennethk (Abbot) on Apr 25, 2014 at 20:25 UTC

    Hell, they didn't even check their opens -- two-argument opens at that! I think we need to send some missionaries into the dark corners of the Internet.

    #11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.

Re^2: Something I found on my site
by GnikLlort (Novice) on Apr 25, 2014 at 20:15 UTC

    I removed the file and changed all my passwords just to be safe, thanks for the help.
