I'm really starting to get...
I'm really starting to get ticked off now. Over the past two weeks I've had to have my dedicated server rebooted 8 times, because of perl scripts that are appearing in /tmp.
Just a few hours ago, this: http://www.google.com/search?q=gr33t...fr3aky%2C+etc. appeared in my /tmp directory, and it obviously ate up bandwidth until I had to have it rebooted.
How are these perl scripts getting in? The last few times it was some sort of IRC bot taking up 100% CPU time.
I found this in my /var/log/httpd/error_log:
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
100 18891 100 18891 0 0 22198 0 0:00:00 0:00:00 0:00:00 233k
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
100 18891 100 18891 0 0 23584 0 0:00:00 0:00:00 0:00:00 215k
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
100 18891 100 18891 0 0 24034 0 0:00:00 0:00:00 0:00:00 215k
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
14 18891 14 2681 0 0 4622 0 0:00:04 0:00:00 0:00:03 4622 % Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
100 18891 100 18891 0 0 30033 0 0:00:00 0:00:00 0:00:00 323k
100 18891 100 18891 0 0 11799 0 0:00:01 0:00:01 0:00:00 58704
rm: cannot remove `a.pl': No such file or directory
% Total % Received % Xferd Average Speed Time Curr.
Dload Upload Total Current Left Speed
100 18891 100 18891 0 0 2549 0 0:00:07 0:00:07 0:00:00 213k
Last time I found evidence of wget, so I (as a quick fix) renamed it. Now it looks like they're executing some other downloading utility?
I'm really at a loss as to how this crap is coming in. I'm running the latest Plesk, as well as the latest apache, and the latest PHP.
Any help would be much appreciated.
Thanks.
TM
