Re: Unknown temp directories and library files

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Priancka Chatz <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: pgsql-admin <[email protected]>
Subject: Re: Unknown temp directories and library files
Date: Fri, 11 Oct 2024 15:47:10 +0200
Message-ID: <CANnOdgYuaUxnx2XwDek3ZQYK0OiO_XniVNhKB-Ezfz6TRANGtQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CANnOdgb=p9mLcg=5BMJ76yEZ+RYR7WHgS1VJRf8EY5VvOcf3ng@mail.gmail.com>
	<[email protected]>

Hi Laurenz,

What kind of security was breached here or you think needs to be tightened
up?  And how to prove this is a security issue or not ?

Pretty worried,
Priyanka

On Fri, Oct 11, 2024 at 3:09 PM Laurenz Albe <[email protected]>
wrote:

> On Thu, 2024-10-10 at 12:22 +0200, Priancka Chatz wrote:
> > I am observing a new/unknown behavior on some of my instances. My
> postgres Data
> > directory path is /home/postgres/pgdata/pgroot/data. And I see a temp
> directory
> > present inside /home/postgres/pgdata which has 100s of directory
> underneath it
> > and inside each directory some library files related to Psycopg2. Not
> sure what
> > these files are and why it is getting created. I am attaching
> screenshots for reference.
> > Can anyone shed some light or direct me to any links to troubleshoot
> this?
>
> I'd say somebody broke into your database and is abusing it for his
> purposes.
>
> If that proves true, rescue what you can of the data and start with a new
> installation, preferably with better security.
>
> Yours,
> Laurenz Albe
>

view thread (10+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: Unknown temp directories and library files
  In-Reply-To: <CANnOdgYuaUxnx2XwDek3ZQYK0OiO_XniVNhKB-Ezfz6TRANGtQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox