Strange perl script

Paul Schmehl pauls at
Wed Oct 17 14:07:54 PDT 2007

--On Wednesday, October 17, 2007 16:15:27 -0400 Josh Carroll 
<josh.carroll at> wrote:

>> The strangest thing is that I can't find sploger on my system. After a
>> reboot sploger doesn't appear anymore, which makes it stranger.
> So you have done a:
> find / -name sploger -type f
> And nothing comes up? If that's the case, it sounds like it was a perl
> script that was run, then subsequently removed from the file system.
> Which sounds rather nefarious to me. You might want to check for
> rootkits, etc.

If you google for "sploger+perl", all you get is stuff that looks like 
hacked websites being run as spam operations.

Look in /tmp for anything unusual, like directories named ".  " or "..  " 
or similar.  Look for oddly named files in /tmp, such as dp, xz, etc.

Look at your website logs carefully.  I suspect a malicious script has been 
run through some exploit such as PHP or Perl or an Apache weakness.

Is all your software completely patched up to date?

Paul Schmehl (pauls at
Senior Information Security Analyst
The University of Texas at Dallas

More information about the freebsd-questions mailing list