Last month I wrote a program that wraps around the Perl executable, and all it does it copy files given to Perl, and then passes on control to Perl. I did this because we at The Office kept running into sript kiddie Perl scripts consuming resources on our servers.
Checking the process wouldn't reveal much—they always start in
/tmp and would be owned by the web server process, so we knew how they were coming in, just not where (i.e. which site was exploited). Worse, these scripts would be started up, then deleted once running, so viewing said scripts was impossible.
Thus, by wrapping the Perl executable to record as much information about each running script as possible, we could gather information about how they might be getting in.
And tonight, we finally caught one! And better still—we know which site was exploited!
Now, begins the process of finding out which PHP script (sigh—it figures) is poorly written.
Oh, by the way, Happy Easter!
You have my permission to link freely to any entry here. Go
ahead, I won't bite. I promise.
The dates are the permanent links to that day's entries (or
entry, if there is only one entry). The titles are the permanent
links to that entry only. The format for the links are
simple: Start with the base link for this site: http://boston.conman.org/, then add the date you are
interested in, say 2000/08/01,
so that would make the final URL:
You can also specify the entire month by leaving off the day
portion. You can even select an arbitrary portion of time.
You may also note subtle shading of the links and that's
intentional: the “closer” the link is (relative to the
page) the “brighter” it appears. It's an experiment in
using color shading to denote the distance a link is from here. If
you don't notice it, don't worry; it's not all that
It is assumed that every brand name, slogan, corporate name,
symbol, design element, et cetera mentioned in these pages is a
protected and/or trademarked entity, the sole property of its
owner(s), and acknowledgement of this status is implied.