[arm-allstar] crontab -e does this look normal?

David McGough kb4fxc at inttek.net
Fri Apr 3 00:12:32 EDT 2020


NOPE, that is NOT good! Without question, that node is compromised!

I'd recommend reloading from scratch.


73, David KB4FXC


On Thu, 2 Apr 2020, "Matt Rhoades via ARM-allstar" wrote:

> Just wanting to check if these crons are ok, as I was having some brute
> force attacks and also seemed to have a compromised root password.
> 
> * */2 * * * /root/.bashtemprc/a/upd>/dev/null 2>&1
> @reboot /root/.bashtemprc/a/upd>/dev/null 2>&1
> 5 8 * * 0 /root/.bashtemprc/b/sync>/dev/null 2>&1
> @reboot /root/.bashtemprc/b/sync>/dev/null 2>&1
> 0 0 */3 * * /tmp/.X21-unix/.rsync/c/aptitude>/dev/null 2>&1
> 
> paste:
> 
> https://paste.ofcode.org/33T6Kxw5kE9EY66izhdSawp
> 
> 



More information about the ARM-allstar mailing list