Increase in perl script attacks

Damlhen

Member
Sep 18, 2017
Bhutan
cPanel Access Level: Root Administrator
Recently I have noticed a lot of perpetually running Perl scripts on the server. It uses 99% CPU and drastically increases the load on the server.

The script is run from a /var/tmp/ directory and is initiated through a user's cronjob. It is run every minute. This has happened with a dozen users till now. I know they are not intentionally running it, but somehow their site gets hacked. All of them are running WordPress.

I have little to no knowledge of Perl scripting, but my guess is it's some kind of crypto mining script.

Anyway, if anyone can decode the below script and tell me what it's doing, that would be of much help.


- Removed -
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello @Damlhen,

As far as detecting and preventing this from happening in the future, the following thread includes some helpful links (you mentioned all of your accounts use WordPress):

Best Practice: Securing WordPress Installation

> Anyway, if anyone can decode the below script and tell me what it's doing, that would be of much help.

You'll likely receive more user feedback on this type of question on a website such as StackOverflow, where coding discussions are more common.

Thank you.
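
A check for the pattern described in the first post (a per-user cron entry launching a script from /var/tmp every minute), added here as an example that is not part of the original thread. The temp-directory list, function names and sample crontabs are constructed, and /var/spool/cron as the crontab directory is an assumption for a RHEL-family cPanel server.

```shell
#!/bin/sh
# Added example: list per-user cron entries that reference a world-writable
# temp directory, the pattern reported in the thread.

# Temp directories treated as suspicious launch points (assumed list).
TEMP_DIRS_RE='(^|[^A-Za-z0-9_.-])(/var/tmp|/tmp|/dev/shm)([^A-Za-z0-9_.-]|$)'
# Schedule of "* * * * *" (or "*/1 ..."), i.e. run every minute.
EVERY_MIN_RE='^[[:space:]]*(\*|\*/1)([[:space:]]+\*){4}[[:space:]]'

# scan_crontabs DIR: print "user<TAB>tag<TAB>entry" for each flagged entry.
# DIR holds one crontab file per user, named after the user.
scan_crontabs() {
    dir=$1
    for file in "$dir"/*; do
        [ -f "$file" ] || continue
        user=${file##*/}
        # Drop comments and blank lines, keep lines that mention a temp dir.
        grep -Ev '^[[:space:]]*(#|$)' "$file" | grep -E "$TEMP_DIRS_RE" |
        while IFS= read -r line; do
            if printf '%s\n' "$line" | grep -Eq "$EVERY_MIN_RE"; then
                tag=every-minute
            else
                tag=other
            fi
            printf '%s\t%s\t%s\n' "$user" "$tag" "$line"
        done
    done
}

# Constructed sample crontabs so the check can be tried offline.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'MAILTO=""' '* * * * * perl /var/tmp/.x/run >/dev/null 2>&1' > "$d/alice"
    printf '%s\n' '# backups' '0 3 * * * /usr/local/bin/backup.sh /home/bob/tmp/out' > "$d/bob"
    printf '%s\n' '*/15 * * * * cd /dev/shm; ./job' > "$d/carol"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_crontabs "$sample"   # flags alice (every-minute) and carol (other)
rm -rf "$sample"
# On a server (assumed path): scan_crontabs /var/spool/cron
```

A path such as /home/bob/tmp is deliberately not flagged, since only the system-wide temp directories are matched.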