Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Igor2021-08-04 18:43:00
linux
Igor, 2021-08-04 18:43:00

Is something generating files at the root of the system?

610ab4320052b907728091.png

A development server, it seems to be nothing to worry about, but an empty file appears every 30 seconds.

-rw-r--r--   1 root root         0 Aug  4 15:09 .r.172.86.o
-rw-r--r--   1 root root         0 Aug  4 15:22 .r.172.87.l
-rw-r--r--   1 root root         0 Aug  4 15:22 .r.172.87.o
-rw-r--r--   1 root root         0 Aug  4 14:59 .r.172.88.l
-rw-r--r--   1 root root         0 Aug  4 14:59 .r.172.88.o
-rw-r--r--   1 root root         0 Aug  4 15:20 .r.172.89.l
-rw-r--r--   1 root root         0 Aug  4 15:19 .r.172.89.o
-rw-r--r--   1 root root         0 Aug  4 15:26 .r.172.8.l
-rw-r--r--   1 root root         0 Aug  4 15:26 .r.172.8.o
-rw-r--r--   1 root root         0 Aug  4 15:11 .r.172.90.l
-rw-r--r--   1 root root         0 Aug  4 15:11 .r.172.90.o
-rw-r--r--   1 root root         0 Aug  4 14:20 .r.172.91.l
-rw-r--r--   1 root root         0 Aug  4 14:20 .r.172.91.o
-rw-r--r--   1 root root         0 Aug  4 15:10 .r.172.92.l
-rw-r--r--   1 root root         0 Aug  4 15:10 .r.172.92.o
-rw-r--r--   1 root root        56 Aug  4 15:25 .r.172.93.l
-rw-r--r--   1 root root       303 Aug  4 15:25 .r.172.93.o
-rw-r--r--   1 root root        19 Aug  4 14:49 .r.172.94.l
-rw-r--r--   1 root root       101 Aug  4 14:49 .r.172.94.o
-rw-r--r--   1 root root         0 Aug  4 14:19 .r.172.95.l
-rw-r--r--   1 root root         0 Aug  4 14:19 .r.172.95.o
-rw-r--r--   1 root root        38 Aug  4 15:09 .r.172.96.l
-rw-r--r--   1 root root       202 Aug  4 15:09 .r.172.96.o
-rw-r--r--   1 root root         0 Aug  4 15:06 .r.172.97.l
-rw-r--r--   1 root root         0 Aug  4 15:06 .r.172.97.o
-rw-r--r--   1 root root         0 Aug  4 15:15 .r.172.98.l
-rw-r--r--   1 root root         0 Aug  4 15:15 .r.172.98.o
-rw-r--r--   1 root root        19 Aug  4 15:21 .r.172.99.l
-rw-r--r--   1 root root       101 Aug  4 15:21 .r.172.99.o
-rw-r--r--   1 root root         0 Aug  4 15:13 .r.172.9.l
-rw-r--r--   1 root root         0 Aug  4 15:13 .r.172.9.o


100 I am sure that the system is infected, someone is using it and not from our team.
Because some user appeared, which I then deleted.

+ In addition, a number of utilities were banned, such as curl/htop/...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Armenian Radio, 2021-08-04
@gbg

If you want scandals, intrigues, delusions - remove the image, then format it and roll the backup.
If you don't want to, just expand the backup.
No backup - SSZB.

Report
S
Saboteur, 2021-08-05
@saboteur_kiev

1. files are created from root, so it will be a little more difficult to find them, any root process can create them.
2. It doesn't look like it's a cron - it can't take half a minute, the minimum interval is a minute, so most likely it's some kind of already running process. But to clear your conscience, you can also view the crowns.
What exactly is in the files?

Report
V
ValdikSS, 2021-08-06
@ValdikSS

Use the fatrace program .

Similar questions
V
vlarkanov2017-08-09 18:02:45
Maxscale: how to route all requests to one server? 2Reply
R
rd962017-08-09 20:07:50
How to implement 3g/4g gsm bonding of two modems for higher connection stability? 3Reply
S
Skif White2015-09-05 18:50:55
How to backup Evernote in Ubuntu? 1Reply
A
Aram Virabyan2017-08-10 15:24:36
How to stream from Linux? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question