Hi All,
New here,
I was hacked on the weekend and have since booted them off my server and
shut down all ports except 25,80 and 443.
I have found a hack script in my /tmp and / directory and it is perl. Are
there any perl experts who could take a look at it tell me how it came to be
on my system? I run phpnuke so was thinking maybe they got it in somehow
that way. Server has been online for 2 years now and this is the first hack
(well that i know about). Server runs http://www.ore.co.nz with 600 members
so I am not so tempted to take it offline as no damage has been done yet.
Also the server box runs NAT and does all its own firewalling with iptables.
Any thoughts on an external firewall? I'm thinking maybe this might be a
safer bet cause if they break into that they can't exactly do much??
Cheers
Mike
- Brand new perl hack script Mike Stent
-
