[clug] Re: linux Digest, Vol 31, Issue 25

[Mark Triggs]

"Chris" <u4123459 at anu.edu.au> writes:

> Sorry for this late response.
>
> By saying crash, I meant that the server was under severe load and didn't
> response to my commands, or with reasonable lags.
>
> Just as the way you pointed out, there were indeed, lots of http requests,
> and this keeps happening until now. As far as I have gathered, the system
> was somehow instructed to download some Perl files and put them in the
> /tmp folder. Then communicate to a specific server, I presume that is what
> the Perl files were asking it to do. I have hundreds of those Perl files,
> with the same name, but different extensions, something like 001, 002 ...

Who are these files in /tmp/ owned by?  It sounds a bit like you've got
a vulnerable CGI script that allowed them to do this.

Cheers,

Mark

-- 
Mark Triggs
<mst at dishevelled.net>