Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

I am afraid that its probably a fairly standard script to give a web based terminal emulator or file manager on your site. The common exploit path is to use a vulnerability in a site to upload a script which can then be called to gain further access. It will probably be impossible to trace what the attacker actually did although a good starting point is a grep for that script name in the access logs. It may give a clue as to when it was added and how to help you secure the site.

What you need to do now is to backup all files and databases. Then delete all files from your site and clear the database. Don't assume that you have managed to find all the files, if the attacker had access to your site they could have modified any code in any file. Don't be tempted to use the same database, if any section of your database contains html to be rendered in the page it could have been modified to add malicious javascript.

Restore your database from a backup taken prior to the exploit. Install the latest version of whatever software you are using on the site with all security patches applied and security configuration recommendations followed. You also should change every password associated with the site. Now you can use the backups of the exploited site in a separate environment to carefully extract any recent changes which were not in the backup.

It may sound paranoid but I have been dealing with the aftermath of website exploits like this for years. I have seen more sites than I can count exploited again because people did not properly secure and clean their sites.


In reply to Re: Malicious Perl Scripts & Web Development by rnewsham
in thread Malicious Perl Scripts & Web Development by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (2)
As of 2022-12-09 19:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?