Spam/encrypted CGI script on Host

Original Message
Name: C. Woodward
Date: September 10, 2003 at 20:31:30 Pacific
Subject: Spam/encrypted CGI script on Host
OS: Redhat 7.3
CPU/Ram: 1.0Ghz/512 ram
Comment:

So I own a hosting company and one of my clients
had 3 scripts in his cgi-bin directory that were
93211.z, 21939.z and 02193.z. The reason we found
these was that he had around 47 perl procs taking up
50 percent CPU usage; when we looked, those were
the only scripts found. Yet after I unzipped 'em, they
were .dats full of non-human-readable messages
under the name of
plainmail_sc9938382828_2893983.dat. These 47
perl procs were also causing around 3 Gigs of
transfer a day, but the weird part was that not only
his IP but the others in the pool that he has no
control over were also getting high amounts of traffic
when the scripts were running. Unfortunately, after
sending an email, he immediately stopped so no new
data could be gathered and all 3 of those scripts
disappeared from his account. My question for all is
how was he able to create 600 megs of outgoing
packets for the other IPs that he couldn't control, and
please note that I am 99.9 percent sure that the
system was NOT compromised. Well, thanks in
advance.

