[arm-allstar] crontab -e does this look normal?
David McGough
kb4fxc at inttek.net
Fri Apr 3 00:12:32 EDT 2020
NOPE, that is NOT good! Without question, that node is compromised!
I'd recommend reloading from scratch.
73, David KB4FXC
On Thu, 2 Apr 2020, "Matt Rhoades via ARM-allstar" wrote:
> Just wanting to check if these crons are ok, as I was having some brute
> force attacks and also seemed to have a compromised root password.
>
> * */2 * * * /root/.bashtemprc/a/upd>/dev/null 2>&1
> @reboot /root/.bashtemprc/a/upd>/dev/null 2>&1
> 5 8 * * 0 /root/.bashtemprc/b/sync>/dev/null 2>&1
> @reboot /root/.bashtemprc/b/sync>/dev/null 2>&1
> 0 0 */3 * * /tmp/.X21-unix/.rsync/c/aptitude>/dev/null 2>&1
>
> paste:
>
> https://paste.ofcode.org/33T6Kxw5kE9EY66izhdSawp
>
>
More information about the ARM-allstar
mailing list