Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Igor2021-08-04 18:43:00
linux
Igor, 2021-08-04 18:43:00

Is something generating files at the root of the system?

610ab4320052b907728091.png

A development server, it seems to be nothing to worry about, but an empty file appears every 30 seconds.

-rw-r--r--   1 root root         0 Aug  4 15:09 .r.172.86.o
-rw-r--r--   1 root root         0 Aug  4 15:22 .r.172.87.l
-rw-r--r--   1 root root         0 Aug  4 15:22 .r.172.87.o
-rw-r--r--   1 root root         0 Aug  4 14:59 .r.172.88.l
-rw-r--r--   1 root root         0 Aug  4 14:59 .r.172.88.o
-rw-r--r--   1 root root         0 Aug  4 15:20 .r.172.89.l
-rw-r--r--   1 root root         0 Aug  4 15:19 .r.172.89.o
-rw-r--r--   1 root root         0 Aug  4 15:26 .r.172.8.l
-rw-r--r--   1 root root         0 Aug  4 15:26 .r.172.8.o
-rw-r--r--   1 root root         0 Aug  4 15:11 .r.172.90.l
-rw-r--r--   1 root root         0 Aug  4 15:11 .r.172.90.o
-rw-r--r--   1 root root         0 Aug  4 14:20 .r.172.91.l
-rw-r--r--   1 root root         0 Aug  4 14:20 .r.172.91.o
-rw-r--r--   1 root root         0 Aug  4 15:10 .r.172.92.l
-rw-r--r--   1 root root         0 Aug  4 15:10 .r.172.92.o
-rw-r--r--   1 root root        56 Aug  4 15:25 .r.172.93.l
-rw-r--r--   1 root root       303 Aug  4 15:25 .r.172.93.o
-rw-r--r--   1 root root        19 Aug  4 14:49 .r.172.94.l
-rw-r--r--   1 root root       101 Aug  4 14:49 .r.172.94.o
-rw-r--r--   1 root root         0 Aug  4 14:19 .r.172.95.l
-rw-r--r--   1 root root         0 Aug  4 14:19 .r.172.95.o
-rw-r--r--   1 root root        38 Aug  4 15:09 .r.172.96.l
-rw-r--r--   1 root root       202 Aug  4 15:09 .r.172.96.o
-rw-r--r--   1 root root         0 Aug  4 15:06 .r.172.97.l
-rw-r--r--   1 root root         0 Aug  4 15:06 .r.172.97.o
-rw-r--r--   1 root root         0 Aug  4 15:15 .r.172.98.l
-rw-r--r--   1 root root         0 Aug  4 15:15 .r.172.98.o
-rw-r--r--   1 root root        19 Aug  4 15:21 .r.172.99.l
-rw-r--r--   1 root root       101 Aug  4 15:21 .r.172.99.o
-rw-r--r--   1 root root         0 Aug  4 15:13 .r.172.9.l
-rw-r--r--   1 root root         0 Aug  4 15:13 .r.172.9.o


100 I am sure that the system is infected, someone is using it and not from our team.
Because some user appeared, which I then deleted.

+ In addition, a number of utilities were banned, such as curl/htop/...

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
A
Armenian Radio, 2021-08-04
@gbg

If you want scandals, intrigues, delusions - remove the image, then format it and roll the backup.
If you don't want to, just expand the backup.
No backup - SSZB.

Report
S
Saboteur, 2021-08-05
@saboteur_kiev

1. files are created from root, so it will be a little more difficult to find them, any root process can create them.
2. It doesn't look like it's a cron - it can't take half a minute, the minimum interval is a minute, so most likely it's some kind of already running process. But to clear your conscience, you can also view the crowns.
What exactly is in the files?

Report
V
ValdikSS, 2021-08-06
@ValdikSS

Use the fatrace program .

Similar questions
E
elementalist2021-06-02 17:15:04
2 subnets on Mikrotik - LAN and video surveillance. How to get access from LAN to the DVR? 3Reply
U
unlik2018-01-09 04:26:45
How to make a simple calculator? 12Reply
P
Pavel Emelyanov2018-01-16 09:11:39
Why does the extensions_additional.conf file change after entering the web interface? 3Reply
I
Ilnur Karimov2017-07-17 20:44:55
Can't find package linux-headers? 3Reply
V
Vyacheslav2017-07-18 15:44:44
Ubuntu network setup or how to combine wi-fi and LAN? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question