Perl Hacked
Can someone please help i keep getting these emails i dont know what to do i think the website is hacked
Time: Thu Apr 16 09:01:07 2015 +0300
PID: 3569 (Parent PID:2925)
Account: XXXXXX
Uptime: 80080 seconds
Executable:
/usr/bin/perl
Command Line (often faked in exploits):
/usr/bin/perl -I/usr/local/bandmin\r 22.pl
-
I see messages similar to this frequently, and it's usually after some update or another. I get the impression that when a program is running in memory, and an update is performed, the updated file cannot launch because the old one is still running in memory. Usually restarting the particular service will fix this. Check your logs to see if Perl has been updated at all. Var/log/yum.log Maybe Apache is the service to restart ?? 0 -
/usr/bin/perl -I/usr/local/bandmin\r 22.pl
I suggest you hire a security expert right away if you're unsure of the path forward. You are in trouble.0 -
I suggest you hire a security expert right away if you're unsure of the path forward. You are in trouble.
how can i delete this file ?0 -
I'm unable to assist you with this and is why I suggested you hire someone. For all we know your entire server is compromised, deleting that one file is most likely, not enough. 0 -
I'm unable to assist you with this and is why I suggested you hire someone. For all we know your entire server is compromised, deleting that one file is most likely, not enough.
any security experts suggestions ?0 -
You might want to contact your Hosting Provider for suggestions. 0 -
I see messages similar to this frequently, and it's usually after some update or another. I get the impression that when a program is running in memory, and an update is performed, the updated file cannot launch because the old one is still running in memory. Usually restarting the particular service will fix this. Check your logs to see if Perl has been updated at all. Var/log/yum.log Maybe Apache is the service to restart ??
i did this and till now i didn't receive any of that emails0 -
The message you quote from keat63 is of no use to you in this situation. That file on your server is not from a perl upgrade, it's a perl hacking script. Your server is compromised and that script has been running for over 22 hours. Stop wasting time posting here, go find a security expert. 0 -
The message you quote from keat63 is of no use to you in this situation. That file on your server is not from a perl upgrade, it's a perl hacking script. Your server is compromised and that script has been running for over 22 hours. Stop wasting time posting here, go find a security expert.
THANK YOU I WILL NOW0
Please sign in to leave a comment.
Comments
9 comments