One esoteric reason for using Perl instead of PHP.

Forum Moderators: coopster & phranque

Message Too Old, No Replies

One esoteric reason for using Perl instead of PHP.

It's easier to find hacked files

MichaelBluejay

2:26 pm on Sep 23, 2012 (gmt 0)

Depsite by best efforts, yesterday I noticed that I'd gotten hacked, and the hacker had put in malicious php files in various places on the server to redirect a subset of my traffic to a rogue site.

Since I use Perl and not PHP, it was trivial to find the exploit files, since all I had to do was search for all .php files and know that any matches were evil.

If I used php normally in my development, I'd have thousands of php files and it would have been possible for me to find the exploits just by searching for the .php files. I would have had a mountain of files to wade through.

Think I could have just searched for creation or last modification dates? No dice, the hackers were clever enough to forge the file dates.

In theory a hacker could use Perl, but PHP is certainly the hacker's language of choice.

Score one for Perl. :)

janharders

3:30 pm on Sep 23, 2012 (gmt 0)

Ha, and a nice argument indeed.

Thinking back, whenever I've been asked to do after-the-fact analysis, the attackers injected php code wherever they could, wether they used a (php app) exploit or obtained ftp access, I've never seen them manipulate or upload perl scripts.

brotherhood of LAN

3:48 pm on Sep 23, 2012 (gmt 0)

Are you using wordpress?

I'm not sure if there are many Perl CMS's out there :o)

Leosghost

4:03 pm on Sep 23, 2012 (gmt 0)

IIRC Brett coded this place in Perl..

I'm not sure if there are many Perl CMS's out there :o)

= Gap in market ? opportunity ? :)

phranque

8:20 pm on Sep 23, 2012 (gmt 0)

Are you using wordpress?
I'm not sure if there are many Perl CMS's out there

Movable Type, for example, doesn't have a wordpress footprint but is not unheard of and Twiki is used fair amount as well.

brotherhood of LAN

11:42 pm on Sep 23, 2012 (gmt 0)

Ah, I wasn't aware at all. My comment was a bit tongue in cheek... it seems there's 2 or 3 ways sites get hacked...
nothing that's really inherent to PHP,

1) not cleaning GET/POST variables or allowing unclean data into the DOM
2) bad file permissions
3) SQL injection.

It's just that PHP is more widely used to exploit the above. I wish I knew more Perl to be truly neutral on the subject... it seems anyone that programs with Perl doesn't have many bad things to say about it.

If I were to look for vulnerabilities it'd be on wordpress for sure, but there's plenty people already on that already