From: | "Bartosz Dmytrak" <bdmytrak(at)gmail(dot)com> |
---|---|
To: | "'Adrian Klaver'" <adrian(dot)klaver(at)aklaver(dot)com> |
Cc: | <pgsql-general(at)postgresql(dot)org> |
Subject: | RE: posgresql.log |
Date: | 2018-05-22 06:35:47 |
Message-ID: | 021c01d3f197$1ecaf6d0$5c60e470$@gmail.com |
Lists: | pgsql-general |
-----Original Message-----
From: Adrian Klaver [mailto:adrian(dot)klaver(at)aklaver(dot)com]
Sent: Tuesday, May 22, 2018 12:03 AM
To: Bartosz Dmytrak <bdmytrak(at)gmail(dot)com>; pgsql-general(at)postgresql(dot)org
Subject: Re: posgresql.log
On 05/21/2018 02:40 PM, Bartosz Dmytrak wrote:
> Hi Gurus,
>
> Looking into my postgresql.log on one of my test servers I found scary
> entry:
Is there a Web app running on this server?
The log entries below are from the Postgres logs in?:
/var/log/postgresql/
>
> --2018-05-19 05:28:21-- http://207.148.79.161/post0514/post
>
> Connecting to 207.148.79.161:80... connected.
>
> HTTP request sent, awaiting response... 200 OK
>
> Length: 1606648 (1.5M) [application/octet-stream]
Hmm, the below says it downloaded 12.5M.
>
> Saving to: ‘/var/lib/postgresql/10/main/postgresq1’
The postgresq1 file is actually there?
If so have you looked at the file:
file postgresq1
to get an idea of what it is?
>
> 1550K .......... ........ 100% 12.5M=2.6s
>
> 2018-05-19 05:28:25 (598 KB/s) -
> ‘/var/lib/postgresql/10/main/postgresq1’ saved [1606648/1606648]
>
> Downloaded file is not postgresql but postgresq1 (one).
>
> It was a pure pg installation without any contrib modules, addons etc.,
> installed on an Ubuntu box by the apt manager using repos:
>
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg/main
>
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg
>
> I have never seen such an entry on my other servers…
>
> Could you be so kind and explain to me what it is? I am afraid my
> postgres has been hacked.
>
> Best Regards
>
> */Bartosz Dmytrak/*
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
Hi, thanks for the response,
Yes - there is also a webapp running on the server, but still it's rather odd to find its logs in the postgresql.log file (located in /var/log/postgresql, where my log exists). The postgresq1 file exists in /var/lib/postgresql/10/main and it's a binary file. I've also noticed there is an n596tx.so which is not a part of the standard installation.
Fortunately there is no important data on this server so, according to other advice, I'll rebuild it with more aggressive security settings and I'll apply them to other servers too.
Best regards,
Bartek
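
A way to triage a server log for the kind of entry discussed in this thread, as an added example that is not part of the original messages: it pairs each wget request line with its "Saving to" line and flags destinations under the data directory or with a look-alike name such as `postgresq1`. The function name, the `DATA_ROOT` and `KNOWN` values and the first sample line are assumptions made for the illustration; the other sample lines are copied from the log quoted above.

```python
import re
from posixpath import basename, normpath

DATA_ROOT = "/var/lib/postgresql/"      # assumption: Debian/Ubuntu layout, as in the thread
KNOWN = {"postgres", "postgresql"}      # assumption: names a look-alike would imitate
HOMOGLYPHS = str.maketrans("10", "lo")  # digit-for-letter swaps: 1 -> l, 0 -> o

# wget transcript lines: a request header, and later the destination path.
REQ = re.compile(r"^--(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)--\s+(\S+)")
SAVE = re.compile(r"^Saving to: [‘'`](.+?)[’']\s*$")


def find_downloads(lines):
    """Pair each wget request line with its 'Saving to' line and score the destination."""
    hits, pending = [], None
    for raw in lines:
        line = raw.strip()
        m = REQ.match(line)
        if m:
            pending = {"time": m.group(1), "url": m.group(2)}
            continue
        m = SAVE.match(line)
        if m and pending:
            dest = normpath(m.group(1))
            name = basename(dest)
            hits.append({**pending, "dest": dest,
                         "in_data_dir": dest.startswith(DATA_ROOT),
                         "lookalike": name not in KNOWN
                                      and name.translate(HOMOGLYPHS) in KNOWN})
            pending = None
    return hits


SAMPLE = [
    # constructed: an ordinary server log line, which must not match
    "2018-05-19 05:27:58.101 UTC [1234] LOG:  database system is ready to accept connections",
    # copied from the log quoted in the thread
    "--2018-05-19 05:28:21-- http://207.148.79.161/post0514/post",
    "Connecting to 207.148.79.161:80... connected.",
    "HTTP request sent, awaiting response... 200 OK",
    "Length: 1606648 (1.5M) [application/octet-stream]",
    "Saving to: ‘/var/lib/postgresql/10/main/postgresq1’",
]

if __name__ == "__main__":
    for hit in find_downloads(SAMPLE):
        print(hit)
```

Any hit with `in_data_dir` or `lookalike` set is a reason to check the named file with `file`, as suggested in the reply above, before deciding how to handle the host.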