I am afraid that it's probably a fairly standard script to give a web-based terminal emulator or file manager on your site. The common exploit path is to use a vulnerability in a site to upload a script which can then be called to gain further access. It will probably be impossible to trace what the attacker actually did, although a good starting point is a grep for that script name in the access logs. It may give a clue as to when it was added and how to help you secure the site.

What you need to do now is to back up all files and databases. Then delete all files from your site and clear the database. Don't assume that you have managed to find all the files; if the attacker had access to your site they could have modified any code in any file. Don't be tempted to use the same database; if any section of your database contains HTML to be rendered in the page it could have been modified to add malicious JavaScript.

Restore your database from a backup taken prior to the exploit. Install the latest version of whatever software you are using on the site with all security patches applied and security configuration recommendations followed. You also should change every password associated with the site. Now you can use the backups of the exploited site in a separate environment to carefully extract any recent changes which were not in the backup.

It may sound paranoid but I have been dealing with the aftermath of website exploits like this for years. I have seen more sites than I can count exploited again because people did not properly secure and clean their sites.


In reply to Re: Malicious Perl Scripts & Web Development by rnewsham
in thread Malicious Perl Scripts & Web Development by Anonymous Monk
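
The access-log search suggested in the post above, as an added example that is not part of the original post: it finds the first request for the script, the clients that called it, and the POST requests the first caller made beforehand (the likely upload path). Assumptions: Apache/nginx "combined" log format in chronological order; `shell.pl`, `/cgi-bin/upload.cgi`, the function names and the sample log lines are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample access log ("combined" format). shell.pl is a placeholder
# for the uploaded script's real name; the addresses are documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Mar/2024:01:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:02:40:11 +0000] "POST /cgi-bin/upload.cgi HTTP/1.1" 200 312 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:02:40:19 +0000] "GET /uploads/shell.pl HTTP/1.1" 200 87 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:55:40 +0000] "GET /about.html HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.99 - - [13/Mar/2024:09:02:33 +0000] "POST /uploads/shell.pl HTTP/1.1" 200 1450 "-" "python-requests/2.31"
EOF
}

# first_hit NAME LOG: timestamp and client of the earliest request for NAME.
# index() is a fixed-string match, so the "." in a file name is not a wildcard.
first_hit() {
    awk -v n="$1" 'index($7, n) { print substr($4, 2), $1; exit }' "$2"
}

# clients NAME LOG: request count per client address that touched NAME.
clients() {
    awk -v n="$1" 'index($7, n) { c[$1]++ }
                   END { for (ip in c) print c[ip], ip }' "$2" | sort -rn
}

# prior_posts NAME LOG: POSTs made by the first caller before its first
# request for NAME. Pass 1 locates the first hit, pass 2 prints earlier POSTs.
prior_posts() {
    awk -v n="$1" '
        NR == FNR { if (!hit && index($7, n)) { hit = FNR; ip = $1 }
                    next }
        FNR < hit && $1 == ip && $6 == "\"POST" { print substr($4, 2), $7, $9 }
    ' "$2" "$2"
}

LOG=$(mktemp)
sample_log > "$LOG"
echo "first request:   $(first_hit shell.pl "$LOG")"
echo "clients:"; clients shell.pl "$LOG"
echo "earlier POSTs by first caller:"; prior_posts shell.pl "$LOG"
rm -f "$LOG"
```

For rotated logs, concatenate them oldest first (decompressing as needed) into one file before running the functions, since the two-pass search reads its input twice.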
