On Fri, 2024-10-11 at 15:47 +0200, Priancka Chatz wrote: > On Fri, Oct 11, 2024 at 3:09 PM Laurenz Albe <laurenz.albe@xxxxxxxxxxx> wrote: > > On Thu, 2024-10-10 at 12:22 +0200, Priancka Chatz wrote: > > > I am observing a new/unknown behavior on some of my instances. My postgres Data > > > directory path is /home/postgres/pgdata/pgroot/data. And I see a temp directory > > > present inside /home/postgres/pgdata which has 100s of directory underneath it > > > and inside each directory some library files related to Psycopg2. Not sure what > > > these files are and why it is getting created. I am attaching screenshots for reference. > > > Can anyone shed some light or direct me to any links to troubleshoot this? > > > > I'd say somebody broke into your database and is abusing it for his purposes. > > > > If that proves true, rescue what you can of the data and start with a new > > installation, preferably with better security. I have no conclusive proof for abuse, but a library has no business in "pgsql_tmp". That looks very much like somebody guessed your superuser password and is hijacking the operating system account. Is that by any event a database accessible on the internet? Did you have a really secure password? Yours, Laurenz Albe
