Is it explicitly calling perl.exe or just perl? Or could it simply be
invoking whatever is mapped to .pl?
I am thinking that you could:
1) Rename perl.exe to something else and wait for a web site to start
failing. Of course if your site uses perl for various other reasons then
this will be a problem.
2) Put some wrapper around perl. For example if .pl is mapped to
perl.exe then try doing something like this:
ftype PerlScript=c:\perl\bin\perl.exe MyWrapper.pl "%1" %*
Create a MyWrapper.pl that dumps $ARGV[0] (which would be the perl
script that should be run) to a file and then invoke the passed in
script.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 2:38 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: How do I find what web scripts are calling PERL.EXE?
Sorry to spam this out to the ActiveState, Web, and Admin groups, but I
wasn't sure exactly where a question like this would go.
I am in the position of hosting a number of sites for which,
unfortunately, I do not have total control. Nor can I shut the system
down whenever I like.
SOMETHING (I don't know what) is calling the perl.exe process, which is
running under the IUSR_MACHINE account. It's using up an inordinate
amount of CPU time. I can't figure out what is doing it. I can't even
run stats on my http logfiles because they seem to be slowing down. And
we have a lot of Perl files.
Windows 2000 Task Manager is of no help, aside from letting me see that
IUSR_MACHINE is using the 5.8 perl.exe file. I can't tell what path it
is to be absolutely sure, but it seems likely that this is a web script
someone has loaded that has gone amok, although other possibilities
exist, such as some trojan that is using my server as a DDoS box.
Numerous copies of PERL.EXE are being called, but occasionally drop down
to just one or two copies, and trying to kill them off in Task Manager
doesn't work, either.
Any ideas on how to make PERL.EXE yield up what is calling it? Using
NTFS auditing would not help, since it would just tell me that
IUSR_MACHINE is doing it. I could conceivably shut down one site at a
time, but that presents its own problems with good service.
I'd be grateful for any help.
Thanks,
Ian
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
