Date: Thu, 18 Oct 2007 01:04:38 -0500
From: Joshua Isom <jrisom@gmail.com>
To: Jack Raats <jack@jarasoft.net>
Cc: freebsd-questions Questions <freebsd-questions@freebsd.org>
Subject: Re: Strange perl script
Message-ID: <2850867d4a18dfbe5eb8e9586c114af0@gmail.com>
In-Reply-To: <002101c810f9$10379b80$0202fea9@jarasoft.net>
References: <005801c8107c$8b7b93a0$0202fea9@jarasoft.net> <20071017151607.GB51123@gizmo.acns.msu.edu> <002101c810f9$10379b80$0202fea9@jarasoft.net>

If a simple 'locate sploger' shows nothing (run `periodic weekly`, which will update your locate database assuming you're keeping things relatively stock), then in all likelihood you've got an intruder. If some of the other tips posted give no help, and you've got time on your hands, try `grep -rl sploger /` and you'll find all files with sploger in them. If you've been broken into and they're being really tricky, it won't work, but odds are they aren't that bright if the process is still in ps's output.

On Oct 17, 2007, at 3:05 PM, Jack Raats wrote:

>>> HI
>>>
>>> Can anyone explain this after ps -ax | grep perl
>>>
>>> 21893 ?? I 1:02.37 sploger (perl5.8.8)
>>> 29536 ?? R 184:14.94 sploger (perl5.8.8)
>>> 29538 ?? R 184:36.44 sploger (perl5.8.8)
>>> 30668 ?? R 168:56.54 sploger (perl5.8.8)
>>>
>>> What is sploger?
>>
>> Looks sort of like a Perl script running.
>> That, of course, doesn't say what it is doing.
>
> The strangest thing is that I can't find sploger on my system. After a
> reboot sploger doesn't appear anymore, which makes it stranger.
>
> Jack

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2850867d4a18dfbe5eb8e9586c114af0>
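
Added example, not part of the original message: FreeBSD `ps` appends the executable name in parentheses when a process's argv[0] differs from it, so `sploger (perl5.8.8)` is a perl process whose displayed name need not match any file on disk. The sketch below flags such rows in `ps -ax` output; the function name, the prefix heuristic and the non-sploger sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag processes in `ps -ax` output whose displayed name
# does not match the executable name that ps appends in parentheses.

# Reads `ps -ax` output on stdin; prints "PID TITLE EXECUTABLE CPUTIME".
renamed_procs() {
    awk '
    # Need PID, TT, STAT, TIME, at least one title word, and "(comm)".
    $1 ~ /^[0-9]+$/ && NF >= 6 && $NF ~ /^\(.+\)$/ {
        real = substr($NF, 2, length($NF) - 2)   # strip the parentheses
        title = $5
        sub(/.*\//, "", title)                   # basename of argv[0]
        sub(/:$/, "", title)                     # "sendmail:" -> "sendmail"
        # Heuristic (assumption): perl vs perl5.8.8 is a normal hard-link
        # name; a title sharing no prefix with it deserves a closer look.
        if (index(real, title) != 1 && index(title, real) != 1)
            print $1, title, real, $4
    }'
}

# The sploger rows come from the quoted message; the header and the
# other rows are constructed sample input.
SAMPLE='  PID  TT  STAT      TIME COMMAND
  612  ??  Is     0:01.20 /usr/sbin/cron -s
  701  ??  Ss     0:03.11 sendmail: accepting connections (sendmail)
  955  ??  I      0:00.40 /usr/local/bin/perl /usr/local/bin/report.pl (perl5.8.8)
21893  ??  I      1:02.37 sploger (perl5.8.8)
29536  ??  R    184:14.94 sploger (perl5.8.8)
29538  ??  R    184:36.44 sploger (perl5.8.8)
30668  ??  R    168:56.54 sploger (perl5.8.8)'

printf '%s\n' "$SAMPLE" | renamed_procs
```

On a live FreeBSD host, run `ps -ax | renamed_procs` and follow up on each reported PID with `fstat -p PID` to list the files it has open before rebooting.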