Killing perl processes

Unfortunately sometimes happens when hackers can break a website on our hosting service and manage to run some scripts which usually written in Perl. This scripts eats the server’s memory and cpu resources while try to crack passwords and accounts. What can we do when it happends?

If you ara lucky you can reach the server and kill all malicious scripts. Because we run all of our services in virtualized environment  it’s easy to reach it in every condition. When I loged in I looked for user who started the perl script with top or ps x commands. Relatively easy to spot him because he runs many scripts which use the most of cpu in top.

First try should be

killall -u username

This isn’t work in all cases because clever scripts immediately restarted by another one which wasn’t found by killall. (I’m investigating this.) solution is lsof which can list all opened files with process id and owner.

lsof | grep username | grep perl | cut -b 11-20 | uniq | xargs kill -9

I filtered output of lsof with grep for username and perl. After I cut process id and pass process id list to kill with uniq command.

All perl process killed now you should say the owner of the page to correct this problem and close the backdoor.

2 Hozzászólás

  • Sammy
    Posted 2012. okt. 20. 06:54 0Likes

    Hello there, I think your website may be having browser compatibility issues.
    Whenever I look at your web site in Safari, it looks fine
    however, when opening in IE, it’s got some overlapping issues. I simply wanted to give you a quick heads up!

  • Marina
    Posted 2012. okt. 27. 02:03 0Likes

    Attractive component of content. I just stumbled
    upon your website and in accession capital to say that I acquire actually loved account your blog posts.
    Anyway I will be subscribing to your feeds or even I success you
    get entry to constantly quickly.

Ehhez nem lehet hozzászólni.

Kövess minket!