Web Hosting Talk







View Full Version : Is this a hack script?


LindonNetworks
05-06-2003, 12:12 PM
Hi people, a friend of mine's server was hacked recently and the hacker turned up on my forum recently and described what he did. He told me to run a test on my server to see if there was a security hole in mine too. He gave me the following:
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";
print "Now, '$host' must be dead : )\n";
The trouble is, I don't know PHP, and since he is a hacker, I would like to know what the above code is going to do. Is it malicious?

probonic
05-06-2003, 12:16 PM
Is there more to that script? It is trying to send $buf to the host. If $buf is a very large string it could be a DoS script.

LindonNetworks
05-06-2003, 12:21 PM
This is a link to what he says, http://www.computerforums.org/php/showthread.php?s=&threadid=359
The above script is his signature.

probonic
05-06-2003, 12:25 PM
Well that PHP code on its own will do nothing at all. If given $host, $port and $buf, it will send the data in $buf to $host on UDP port $port.

Chas
05-06-2003, 12:34 PM
Originally posted by matrix28
...
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";
print "Now, '$host' must be dead : )\n";
The trouble is, I don't know PHP .... Is it malicious?

That's Perl code, not PHP. Without seeing the rest of the script, I can't tell you what it does other than attempt to connect to an IP address via the udp proto. It's possible that it could be scanning for open ports.

~Charlie

LindonNetworks
05-06-2003, 12:34 PM
Originally posted by probonic
Well that PHP code on its own will do nothing at all. If given $host, $port and $buf, it will send the data in $buf to $host on UDP port $port.
Is that bad or innocent?

SROHost
05-06-2003, 01:31 PM
Originally posted by matrix28
Is that bad or innocent?
Neither. Would you say a hammer is "bad" when it's pounding nails, or only when it hits you on the head?

LindonNetworks
05-06-2003, 01:53 PM
Is it safe to run and see what it does?

astanley
05-06-2003, 03:55 PM
The code, when run with perl by itself, will not do anything at all. The values that are not defined ($host, $port, and $buf) will all be returned as 0 and several of the functions will result in errors (inet_aton being the first). You need more of the code in order to see exactly what the script does.
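
An added example, not part of the original thread: a static look at the quoted fragment, without running it, that lists the variables it reads but never assigns and the network calls it makes. It is a line-based heuristic written for this five-line snippet, and the function name triage is an assumption of the example.

```python
import re

# The five-line Perl fragment quoted in the thread, embedded verbatim.
FRAGMENT = r'''
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";
print "Now, '$host' must be dead : )\n";
'''

SCALAR = re.compile(r'\$([A-Za-z_]\w*)')               # named scalars; skips $@ and $!
ASSIGN = re.compile(r'^\s*\$([A-Za-z_]\w*)\s*=(?!=)')  # "$name = ..." at line start
NET_CALLS = ("IO::Socket::INET", "inet_aton", "sockaddr_in", "send")


def triage(source):
    """Return (undefined_inputs, network_calls, protocols) for a Perl fragment."""
    assigned, undefined, calls = set(), [], []
    for line in source.splitlines():
        m = ASSIGN.match(line)
        # Everything after the assignment target counts as a read.
        reads = line[m.end():] if m else line
        for name in SCALAR.findall(reads):
            if name not in assigned and name not in undefined:
                undefined.append(name)
        if m:
            assigned.add(m.group(1))
        for call in NET_CALLS:
            pattern = r'(?<![\w:$])' + re.escape(call) + r'\b'
            if call not in calls and re.search(pattern, line):
                calls.append(call)
    protocols = re.findall(r'Proto\s*=>\s*"(\w+)"', source)
    return undefined, calls, protocols


if __name__ == "__main__":
    inputs, calls, protos = triage(FRAGMENT)
    print("read but never assigned:", ", ".join("$" + n for n in inputs))
    print("network calls:", ", ".join(calls))
    print("protocol:", ", ".join(protos))
```

The three names it reports as unassigned are exactly the values the rest of the script would have to supply, which is why the fragment's effect cannot be judged without the surrounding code.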

CSD_Hosting
05-06-2003, 06:08 PM
That code is safe, I use almost identical code to query gameservers, and make stats. Unless it's in a loop and sends huge amounts of data, which, it can't, unless you make $buf equal to something huge.



$this->gs_socket = fsockopen("udp://".$this->gs_address, $this->gs_port, $errno, $errstr, 15);

// On failure, return an error array instead of querying the server
if(!$this->gs_socket) return $output = array ( "error" => "Error can't connect to Server !! Error: $errno -- $errstr");



^^^ An excerpt from code I use to query Half-Life gameservers, to show players, and frags. When used in the right way, it's harmless.