Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Increase in perl script attacks

Discussion in 'Security' started by Damlhen, Jul 29, 2018.

  1. Damlhen

    Damlhen Registered

    Sep 18, 2017
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Recently I have noticed a lot of perpetually running perl scripts on the server. It uses 99% cpu and drastically increases the load on the server.

    The script is run from a /var/tmp/ directory and is initiated through a user's cronjob. It is run every minute. This has happened with a dozen users till now, I know they are not intentionally running it, but some how their site gets hacked. All of them are running WordPress.

    I have little to no knowledge in perl scripting but my guess is its some kind of a crypto mining script.

    Anyway, if anyone can decode the below script and tell me what's it doing, that be of much help.

    - Removed -
    #1 Damlhen, Jul 29, 2018
    Last edited by a moderator: Jul 30, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @Damlhen,

    As far as detecting and preventing this from happening in the future, the following thread includes some helpful links (you mentioned all of your accounts use WordPress):

    Best Practice: Securing WordPress Installation

    You'll likely receive more user-feedback on this type of question on a website such as StackOverflow where coding discussions are more common.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice