Strange perl script
Joshua Isom
jrisom at gmail.com
Wed Oct 17 23:04:37 PDT 2007
If a simple 'locate sploger' shows nothing (run `periodic weekly` which
will update your locate database assuming you're keeping things
relatively stock), then in all likelihood you've got an intruder. If
some of the other tips posted give no help, and you've got time on your
hands, try `grep -rl sploger /` and you'll find all files with sploger
in it. If you've been broken into and they're being really tricky, it
won't work but odds are they aren't that bright if the process is still
in ps's output.
On Oct 17, 2007, at 3:05 PM, Jack Raats wrote:
>>> HI
>>>
>>> Can anyone explain this after ps -ax | grep perl
>>>
>>> 21893 ?? I 1:02.37 sploger (perl5.8.8)
>>> 29536 ?? R 184:14.94 sploger (perl5.8.8)
>>> 29538 ?? R 184:36.44 sploger (perl5.8.8)
>>> 30668 ?? R 168:56.54 sploger (perl5.8.8)
>>>
>>> What is sploger?
>>
>> Looks sort of like a Perl script running.
>> That, of course, doesn't say what it is doing.
>
> The strangest thing is that I can't find sploger on my system. After a
> reboot sploger doesn't appear anymore, which makes it even stranger.
>
> Jack
>
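An added example, not part of either post: FreeBSD `ps` appends the kernel's command name in parentheses when it differs from the title the process reports for itself, so `sploger (perl5.8.8)` is a Perl interpreter whose title need not match any file on disk. The sketch below flags such entries in `ps -ax` output while skipping ordinary `setproctitle(3)` titles. The function names `sample_ps` and `renamed_procs` are hypothetical, and the sample lines other than the four quoted in the thread are constructed.

```shell
#!/bin/sh
# Constructed sample: the four ps lines quoted in the thread, plus three
# ordinary entries (cron, a plain perl script, sendmail) added for contrast.
sample_ps() {
cat <<'EOF'
  PID  TT  STAT      TIME COMMAND
  612  ??  Is     0:01.20 /usr/sbin/cron -s
  845  ??  S      0:03.10 perl /usr/local/bin/report.pl (perl5.8.8)
21893  ??  I      1:02.37 sploger (perl5.8.8)
29536  ??  R    184:14.94 sploger (perl5.8.8)
29538  ??  R    184:36.44 sploger (perl5.8.8)
30668  ??  R    168:56.54 sploger (perl5.8.8)
  701  ??  Ss     0:00.45 sendmail: accepting connections (sendmail)
EOF
}

# Read `ps -ax` output on stdin and print "PID real-command shown-title" for
# every process whose displayed title does not match its real command name.
renamed_procs() {
    awk '
    $1 ~ /^[0-9]+$/ && $NF ~ /^\(.+\)$/ {
        real = substr($NF, 2, length($NF) - 2)   # name inside the parentheses
        title = $5                               # first word of the shown title
        sub(/.*\//, "", title)                   # drop any leading path
        sub(/:$/, "", title)                     # setproctitle(3) style "name:"
        # Treat as the same program when one name is a prefix of the other
        # (for example perl vs perl5.8.8); those are not reported.
        if (index(real, title) == 1 || index(title, real) == 1) next
        printf "%s %s %s\n", $1, real, $5
    }'
}

# On a live system: ps -ax | renamed_procs
sample_ps | renamed_procs
```

Each reported PID is a candidate for closer inspection while the process is still running, since a search by the displayed name only finds files that happen to contain or carry that name.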