deleted perl hacks in /tmp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have some web servers which occasionally have hacks that are uploaded that
change their name to look like apache and somehow get apache to send requests
to them.  The result is that people somewhat randomly get pages advertising
self enhancing drugs etc.  The hacks are perl scripts, but they are run from
/tmp and then deleted.  Trying to get anything out of /proc/pid/fd/whatever
just yields an empty file.  Anyone have any ideas on how to recover the
original script?  Right now I just have a process checking for them and
whacking them when I see them, but I'd like to know more about them to actually
prevent them from happening.

Any thoughts would be appreciated!

Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Newbie]     [Audio]     [Hams]     [Kernel Newbies]     [Util Linux NG]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Device Drivers]     [Samba]     [Video 4 Linux]     [Git]     [Fedora Users]

  Powered by Linux