How to block these "scripts" from running.

I have seen the following two scripts run on servers that I manage and I am looking for a method to block them.

The first is named unziper.pl and has the contents listed below:

#!/usr/bin/perl


use Archive::Zip qw( :ERROR_CODES :CONSTANTS );
use CGI qw(param);


my $zip = Archive::Zip->new();
my $archive= param('archive');
my $unlink= param('unlink');


print "Content-type: text/html\n\n";

if(-e($archive))
{
if($zip->read($archive) == AZ_OK)
{
$zip->extractTree();
print "<b>$archive</b> unzipped ok!<br>\n";
if($unlink)
{
print "<b>$archive</b> unlinked success<br>\n" if unlink($archive);
}
}
else
{
print "Somthing wrong!!!";
}
}


print qq~
<form method=post>
Unzip file: <select name=archive>
~;
foreach(<*.zip>)
{
print "<option value='$_'>$_\n";
}

print qq~
</select><br>
<input type=checkbox name=unlink> Unlink after unzip?<br>
<input type=submit value=submit>
</form>
~;

The second is a mass mailing script named dm.cgi that is encoded. The config file looks as follows:

MAILBASE=./2/3/ua.txt
FROM=./from.txt
REPLYTO=./replyto.txt
SUBJECT=./subject.txt
LETTER=./16-1.html
ATTACH=./attach.txt
PROXY=./proxy.txt
DNS=205.233.109.39
THREADS=96
TIMEOUT=10
CHARSET=win
MAILER=random
PRIORITY=normal
PROXYER=15
PROXYCN=1
PROXYWR=2
PROXYRD=2
PROXYUP=30
# LOCAL=localhost
CTIME=3
#FAKEDATE=yes
# FAKEFROM=no
EXCTNAME=yes
UCINNAME=yes
MODE=send


These two scripts are used by many spammers and it would be great if I could prevent them from running.
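A defensive sweep for the two artefacts shown in the post, as an added example that is not part of the original post: it walks a web root and flags files that look like the unziper.pl CGI (Archive::Zip extraction driven by a request parameter) or like the dm.cgi config (its key names). The function names, labels, size limit and the six-key threshold are assumptions chosen for this sketch.

```python
import os
import re

# Key names taken from the dm.cgi config shown in the post.
MAILER_KEYS = {"MAILBASE", "FROM", "REPLYTO", "SUBJECT", "LETTER", "ATTACH",
               "PROXY", "THREADS", "MAILER", "PROXYER", "FAKEDATE", "FAKEFROM",
               "MODE"}
# KEY= at line start; commented-out keys such as "#FAKEDATE=yes" also count.
KEY_LINE = re.compile(r"^\s*#?\s*([A-Z]+)=", re.M)
# Traits of unziper.pl: a CGI that extracts an archive named by a request parameter.
UNZIP_TRAITS = ("Archive::Zip", "extractTree", "param(")
MAX_BYTES = 256 * 1024  # assumption: both artefacts are small text files


def classify(text):
    """Return a label when text matches one of the two artefacts, else None."""
    if all(trait in text for trait in UNZIP_TRAITS):
        return "cgi-unzipper"
    keys = set(KEY_LINE.findall(text)) & MAILER_KEYS
    # Require MAILBASE plus several other keys so ordinary KEY=value files pass.
    if len(keys) >= 6 and "MAILBASE" in keys:
        return "mailer-config"
    return None


def scan(root):
    """Walk root and return sorted (path, label) pairs for matching files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "r", errors="replace") as fh:
                    label = classify(fh.read())
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if label:
                hits.append((path, label))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, label in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label}\t{path}")
```

Matching on content rather than on the file names unziper.pl and dm.cgi means a renamed copy is still flagged; the encoded dm.cgi itself is not matched, only its plain-text config.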
