Recently I have noticed a lot of perpetually running perl scripts on the server. It uses 99% cpu and drastically increases the load on the server.
The script is run from a /var/tmp/ directory and is initiated through a user's cronjob. It is run every minute. This has happened with a dozen users till now, I know they are not intentionally running it, but some how their site gets hacked. All of them are running WordPress.
I have little to no knowledge in perl scripting but my guess is its some kind of a crypto mining script.
Anyway, if anyone can decode the below script and tell me what's it doing, that be of much help.
- Removed -
The script is run from a /var/tmp/ directory and is initiated through a user's cronjob. It is run every minute. This has happened with a dozen users till now, I know they are not intentionally running it, but some how their site gets hacked. All of them are running WordPress.
I have little to no knowledge in perl scripting but my guess is its some kind of a crypto mining script.
Anyway, if anyone can decode the below script and tell me what's it doing, that be of much help.
- Removed -
Last edited by a moderator:
