I was tasked on tracking down the cause of a perl process that is hanging on a
client server. The server is opensuse, pretty much out of the box, patched
pretty current. Anyway, below is the first log entry where it looks like
someone attempted to run a perl script. It also appears that a
On 2011-10-28 21:46, Gary Smith wrote:
I was tasked on tracking down the cause of a perl process that is hanging on a
client server. The server is opensuse, pretty much out of the box, patched
pretty current. Anyway, below is the first log entry where it looks like
someone attempted to run
Since they were kind enough to timestamp the download, you can
correlate this with the access log and see the exact exploit used.
Files didn't exist... I look for them first. It appears that they were
downloaded and removed. Either way, it's been identified and temporarily
resolved.