in reply to Something I found on my site

This does look like an attempt at some sort of exploit—more likely a probe to check for vulnerable servers to plant the real attacks on later.

It tries to disguise itself as lynx (a text-based browser) in the process list, a weak measure, perhaps, but a pretty sure sign their intentions are less than pure.

Then it tries to open a TCP socket to $ARGV[0] on port $ARGV[1] and reopen the 3 standard streams, and send your kernel version and the local user ID and groups to the remote server, and try to start a (remote) shell. Quite possibly the $target is a machine controlled by the attackers.

Whether you should be worried or not? I dunno, that depends on how it got there and whether you can identify the target and the perpetrators.

That, and they didn't use strict. Bastards.

use strict; use warnings; omitted for brevity.

Replies are listed 'Best First'.
Re^2: Something I found on my site
by kennethk (Abbot) on Apr 25, 2014 at 20:25 UTC

    Hell, they didn't even check their opens -- two-argument opens at that! I think we need to send some missionaries into the dark corners of the Internet.

    #11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.

[reply]
Re^2: Something I found on my site
by GnikLlort (Novice) on Apr 25, 2014 at 20:15 UTC

    I removed the file and changed all my passwords just to be safe, thanks for the help.

[reply]

In Section Seekers of Perl Wisdom