Search Postgresql Archives

RE: posgresql.log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@xxxxxxxxxxx] 
Sent: Tuesday, May 22, 2018 12:03 AM
To: Bartosz Dmytrak <bdmytrak@xxxxxxxxx>; pgsql-general@xxxxxxxxxxxxxx
Subject: Re: posgresql.log

On 05/21/2018 02:40 PM, Bartosz Dmytrak wrote:
> Hi Gurus,
> 
> Looking into my postgresql.log on one of my test servers I found scary
> entry:

Is there a Web app running on this server?

The log entries below are from the Postgres logs in?:

/var/log/postgresql/

> 
> --2018-05-19 05:28:21--  http://207.148.79.161/post0514/post
> 
> Connecting to 207.148.79.161:80... connected.
> 
> HTTP request sent, awaiting response... 200 OK
> 
> Length: 1606648 (1.5M) [application/octet-stream]

Hmm, the below says it downloaded 12.5M.

> 
> Saving to: ‘/var/lib/postgresql/10/main/postgresq1’

The postgresq1 file is actually there?

If so have you looked at the file:

file postgresq1

to get an idea of what it is?

> 
> 0K .......... .......... .......... .......... ..........  3% 71.0K 
> 21s
> 
>      50K .......... .......... .......... .......... ..........  6% 
> 106K 17s
> 
>     100K .......... .......... .......... .......... ..........  9% 
> 213K 13s
> 
>     150K .......... .......... .......... .......... .......... 12% 
> 213K 11s
> 
>     200K .......... .......... .......... .......... .......... 15% 
> 16.3M 9s
> 
>     250K .......... .......... .......... .......... .......... 19%  
> 215K 8s
> 
>     300K .......... .......... .......... .......... .......... 22% 
> 15.6M 7s
> 
>     350K .......... .......... .......... .......... .......... 25% 
> 11.7M 6s
> 
>     400K .......... .......... .......... .......... .......... 28%  
> 219K 5s
> 
>     450K .......... .......... .......... .......... .......... 31% 
> 12.1M 5s
> 
>     500K .......... .......... .......... .......... .......... 35% 
> 11.7M 4s
> 
>     550K .......... .......... .......... .......... .......... 38% 
> 12.2M 3s
> 
>     600K .......... .......... .......... .......... .......... 41% 
> 12.1M 3s
> 
>     650K .......... .......... .......... .......... .......... 44%  
> 228K 3s
> 
>     700K .......... .......... .......... .......... .......... 47% 
> 12.2M 3s
> 
>     750K .......... .......... .......... .......... .......... 50% 
> 12.1M 2s
> 
>     800K .......... .......... .......... .......... .......... 54% 
> 11.7M 2s
> 
>     850K .......... .......... .......... .......... .......... 57% 
> 12.1M 2s
> 
>     900K .......... .......... .......... .......... .......... 60% 
> 11.8M 2s
> 
>     950K .......... .......... .......... .......... .......... 63% 
> 12.1M 1s
> 
>    1000K .......... .......... .......... .......... .......... 66% 
> 12.0M 1s
> 
>    1050K .......... .......... .......... .......... .......... 70%  
> 243K 1s
> 
>    1100K .......... .......... .......... .......... .......... 73% 
> 12.1M 1s
> 
>    1150K .......... .......... .......... .......... .......... 76% 
> 12.1M 1s
> 
>    1200K .......... .......... .......... .......... .......... 79% 
> 11.7M 1s
> 
>    1250K .......... .......... .......... .......... .......... 82% 
> 12.1M 1s
> 
>    1300K .......... .......... .......... .......... .......... 86% 
> 12.1M 0s
> 
>    1350K .......... .......... .......... .......... .......... 89% 
> 11.8M 0s
> 
>    1400K .......... .......... .......... .......... .......... 92% 
> 12.1M 0s
> 
>    1450K .......... .......... .......... .......... .......... 95% 
> 12.1M 0s
> 
>    1500K .......... .......... .......... .......... .......... 98% 
> 11.8M 0s
> 
>    1550K .......... ........ 100% 12.5M=2.6s
> 
> 2018-05-19 05:28:25 (598 KB/s) -
> ‘/var/lib/postgresql/10/main/postgresq1’ saved [1606648/1606648]
> 
> Downloaded file is not posgresql but postgresq1(one).
> 
> It was pure pg instalation without any contrib modules addons etc, 
> istalled on ubuntu box by apt manager using repos:
> 
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg/main
> 
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg
> 
> I have never seen such entry on other my other servers…
> 
> Could you be so kind and explain me what is it? I am afraid my 
> postgres has been hacekd.
> 
> Best Regards
> 
> */Bartosz Dmytrak/*
> 


--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx



HI, thanks for response,
Yes - there is also webapp running on the server, but still it's rather odd to find it's logs in postgresql.log file (located in /var/log/postgresql, where my log exists). postgresq1 file exists in /var/lib/postgresql/10/main and it's binary file, I've also noticed there is a n596tx.so which is not a part of standard installation.
Fortunately there is no important data on this server so, a according to other advice, I'll rebuilt it with more aggressive security settings and I'll apply them to other servers too. 

Best regards,
Bartek
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux