
Perl Server Side CGI Scripting Forum

    
One esoteric reason for using Perl instead of PHP.
It's easier to find hacked files
MichaelBluejay




 
Msg#: 4498823 posted 2:26 pm on Sep 23, 2012 (gmt 0)

Despite my best efforts, yesterday I noticed that I'd gotten hacked, and the hacker had put in malicious php files in various places on the server to redirect a subset of my traffic to a rogue site.

Since I use Perl and not PHP, it was trivial to find the exploit files, since all I had to do was search for all .php files and know that any matches were evil.

If I used php normally in my development, I'd have thousands of php files and it would have been possible for me to find the exploits just by searching for the .php files. I would have had a mountain of files to wade through.

Think I could have just searched for creation or last modification dates? No dice, the hackers were clever enough to forge the file dates.

In theory a hacker could use Perl, but PHP is certainly the hacker's language of choice.

Score one for Perl. :)
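
The check described in the post above, generalised, as an added example that is not part of the original thread: flag files whose extension should not exist on the site, and compare content hashes against a manifest taken while the site was known-good, so forged file dates do not matter. The extension list, file names and sample tree are constructed assumptions.

```python
import hashlib, os, tempfile

# Assumption: extensions that should never appear on this Perl-only site.
UNEXPECTED_EXTS = {".php", ".phtml", ".php5"}

def build_manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                with open(full, "rb") as f:  # whole-file read; fine for scripts
                    digest = hashlib.sha256(f.read()).hexdigest()
                manifest[os.path.relpath(full, root)] = digest
    return manifest

def audit(root, baseline):
    """Diff the live tree against a known-good manifest; mtimes are never read."""
    current = build_manifest(root)
    report = {"unexpected_type": [], "added": [], "modified": []}
    for rel, digest in sorted(current.items()):
        if os.path.splitext(rel)[1].lower() in UNEXPECTED_EXTS:
            report["unexpected_type"].append(rel)
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample tree: a Perl script is altered and a .php file appears."""
    with tempfile.TemporaryDirectory() as root:
        script = os.path.join(root, "form.pl")
        with open(script, "w") as f:
            f.write("#!/usr/bin/perl\nprint 'ok';\n")
        old = os.stat(script)
        baseline = build_manifest(root)  # taken while the site is known-good
        with open(script, "a") as f:
            f.write("# altered\n")
        with open(os.path.join(root, "cache.php"), "w") as f:
            f.write("placeholder\n")
        for name in ("form.pl", "cache.php"):  # put the old mtime back on both
            os.utime(os.path.join(root, name), (old.st_atime, old.st_mtime))
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The manifest only helps if it is stored somewhere the web server account cannot write to.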

 

janharders




 
Msg#: 4498823 posted 3:30 pm on Sep 23, 2012 (gmt 0)

Ha, and a nice argument indeed.

Thinking back, whenever I've been asked to do after-the-fact analysis, the attackers injected php code wherever they could, whether they used a (php app) exploit or obtained ftp access; I've never seen them manipulate or upload perl scripts.

brotherhood of LAN




 
Msg#: 4498823 posted 3:48 pm on Sep 23, 2012 (gmt 0)

Are you using wordpress?

I'm not sure if there are many Perl CMS's out there :o)

Leosghost




 
Msg#: 4498823 posted 4:03 pm on Sep 23, 2012 (gmt 0)

IIRC Brett coded this place in Perl..

I'm not sure if there are many Perl CMS's out there :o)

= Gap in market ? opportunity ? :)

phranque




 
Msg#: 4498823 posted 8:20 pm on Sep 23, 2012 (gmt 0)

Are you using wordpress?
I'm not sure if there are many Perl CMS's out there


Movable Type, for example, doesn't have a wordpress footprint but is not unheard of, and Twiki is used a fair amount as well.

brotherhood of LAN




 
Msg#: 4498823 posted 11:42 pm on Sep 23, 2012 (gmt 0)

Ah, I wasn't aware at all. My comment was a bit tongue in cheek... it seems there's 2 or 3 ways sites get hacked...
nothing that's really inherent to PHP,

1) not cleaning GET/POST variables or allowing unclean data into the DOM
2) bad file permissions
3) SQL injection.

It's just that PHP is more widely used to exploit the above. I wish I knew more Perl to be truly neutral on the subject... it seems anyone that programs with Perl doesn't have many bad things to say about it.

If I were to look for vulnerabilities it'd be on wordpress for sure, but there are plenty of people on that already.
