| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Priancka Chatz <pc9926(at)gmail(dot)com> |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Unknown temp directories and library files |
| Date: | 2024-10-11 20:16:39 |
| Message-ID: | 1eb200f88003972f2723967ddc95b70b3e61f5de.camel@cybertec.at |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, 2024-10-11 at 15:47 +0200, Priancka Chatz wrote:
> On Fri, Oct 11, 2024 at 3:09 PM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> > On Thu, 2024-10-10 at 12:22 +0200, Priancka Chatz wrote:
> > > I am observing a new/unknown behavior on some of my instances. My postgres Data
> > > directory path is /home/postgres/pgdata/pgroot/data. And I see a temp directory
> > > present inside /home/postgres/pgdata which has 100s of directory underneath it
> > > and inside each directory some library files related to Psycopg2. Not sure what
> > > these files are and why it is getting created. I am attaching screenshots for reference.
> > > Can anyone shed some light or direct me to any links to troubleshoot this?
> >
> > I'd say somebody broke into your database and is abusing it for his purposes.
> >
> > If that proves true, rescue what you can of the data and start with a new
> > installation, preferably with better security.
I have no conclusive proof for abuse, but a library has no business in "pgsql_tmp".
That looks very much like somebody guessed your superuser password and is hijacking
the operating system account.
Is that by any event a database accessible on the internet? Did you have a really
secure password?
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Imran Khan | 2024-10-11 20:21:57 | Re: Unknown temp directories and library files |
| Previous Message | Priancka Chatz | 2024-10-11 13:47:10 | Re: Unknown temp directories and library files |