joined:Feb 12, 2003
Depsite by best efforts, yesterday I noticed that I'd gotten hacked, and the hacker had put in malicious php files in various places on the server to redirect a subset of my traffic to a rogue site.
Since I use Perl and not PHP, it was trivial to find the exploit files, since all I had to do was search for all .php files and know that any matches were evil.
If I used php normally in my development, I'd have thousands of php files and it would have been possible for me to find the exploits just by searching for the .php files. I would have had a mountain of files to wade through.
Think I could have just searched for creation or last modification dates? No dice, the hackers were clever enough to forge the file dates.
In theory a hacker could use Perl, but PHP is certainly the hacker's language of choice.
Score one for Perl. :)