[RESOLVED] php / perl exploits??

snapbackz

I found this in my server logs and I'm told it's being used to exploit my website.... I don't understand what this is doing or how I can prevent this? Can someone tell me what's going on with this? :eek:

bpat1434

THe form of the log is this:

mywebsite.com:195.7.17.82 - - [30/May/2008:19:44:48 -0500] "GET / HTTP/1.1" 200 16757 "-" "libwww-perl/5.805"

What's in sea green is the site name (obviously)
What's in red is the Remote user's IP address
Blue is the date (duh!)
What's bold is the actual HTTP header that was requested
What's in purple is the HTTP response code (200 means "OK")
I believe the numbers following what's in purple is the content length
And what's italicized is the interpreter used.

In all of these cases, your perl interpreter is being used as an attack point. Not sure how you have your server set up, nor do we know anything about your current security settings. You might want to ask this on a Perl board as they might be able to help you better.