Home > mailing lists

RE: posgresql.log - Mailing list pgsql-general

From	Bartosz Dmytrak
Subject	RE: posgresql.log
Date	May 22, 2018 12:35:47
Msg-id	021c01d3f197$1ecaf6d0$5c60e470$@gmail.com Whole thread Raw
In response to	Re: posgresql.log (Adrian Klaver <adrian.klaver@aklaver.com>)
List	pgsql-general

Tree view


-----Original Message-----
From: Adrian Klaver [mailto:adrian.klaver@aklaver.com]
Sent: Tuesday, May 22, 2018 12:03 AM
To: Bartosz Dmytrak <bdmytrak@gmail.com>; pgsql-general@postgresql.org
Subject: Re: posgresql.log

On 05/21/2018 02:40 PM, Bartosz Dmytrak wrote:
> Hi Gurus,
>
> Looking into my postgresql.log on one of my test servers I found scary
> entry:

Is there a Web app running on this server?

The log entries below are from the Postgres logs in?:

/var/log/postgresql/

>
> --2018-05-19 05:28:21--  http://207.148.79.161/post0514/post
>
> Connecting to 207.148.79.161:80... connected.
>
> HTTP request sent, awaiting response... 200 OK
>
> Length: 1606648 (1.5M) [application/octet-stream]

Hmm, the below says it downloaded 12.5M.

>
> Saving to: ‘/var/lib/postgresql/10/main/postgresq1’

The postgresq1 file is actually there?

If so have you looked at the file:

file postgresq1

to get an idea of what it is?

>
> 0K .......... .......... .......... .......... ..........  3% 71.0K
> 21s
>
>      50K .......... .......... .......... .......... ..........  6%
> 106K 17s
>
>     100K .......... .......... .......... .......... ..........  9%
> 213K 13s
>
>     150K .......... .......... .......... .......... .......... 12%
> 213K 11s
>
>     200K .......... .......... .......... .......... .......... 15%
> 16.3M 9s
>
>     250K .......... .......... .......... .......... .......... 19%
> 215K 8s
>
>     300K .......... .......... .......... .......... .......... 22%
> 15.6M 7s
>
>     350K .......... .......... .......... .......... .......... 25%
> 11.7M 6s
>
>     400K .......... .......... .......... .......... .......... 28%
> 219K 5s
>
>     450K .......... .......... .......... .......... .......... 31%
> 12.1M 5s
>
>     500K .......... .......... .......... .......... .......... 35%
> 11.7M 4s
>
>     550K .......... .......... .......... .......... .......... 38%
> 12.2M 3s
>
>     600K .......... .......... .......... .......... .......... 41%
> 12.1M 3s
>
>     650K .......... .......... .......... .......... .......... 44%
> 228K 3s
>
>     700K .......... .......... .......... .......... .......... 47%
> 12.2M 3s
>
>     750K .......... .......... .......... .......... .......... 50%
> 12.1M 2s
>
>     800K .......... .......... .......... .......... .......... 54%
> 11.7M 2s
>
>     850K .......... .......... .......... .......... .......... 57%
> 12.1M 2s
>
>     900K .......... .......... .......... .......... .......... 60%
> 11.8M 2s
>
>     950K .......... .......... .......... .......... .......... 63%
> 12.1M 1s
>
>    1000K .......... .......... .......... .......... .......... 66%
> 12.0M 1s
>
>    1050K .......... .......... .......... .......... .......... 70%
> 243K 1s
>
>    1100K .......... .......... .......... .......... .......... 73%
> 12.1M 1s
>
>    1150K .......... .......... .......... .......... .......... 76%
> 12.1M 1s
>
>    1200K .......... .......... .......... .......... .......... 79%
> 11.7M 1s
>
>    1250K .......... .......... .......... .......... .......... 82%
> 12.1M 1s
>
>    1300K .......... .......... .......... .......... .......... 86%
> 12.1M 0s
>
>    1350K .......... .......... .......... .......... .......... 89%
> 11.8M 0s
>
>    1400K .......... .......... .......... .......... .......... 92%
> 12.1M 0s
>
>    1450K .......... .......... .......... .......... .......... 95%
> 12.1M 0s
>
>    1500K .......... .......... .......... .......... .......... 98%
> 11.8M 0s
>
>    1550K .......... ........ 100% 12.5M=2.6s
>
> 2018-05-19 05:28:25 (598 KB/s) -
> ‘/var/lib/postgresql/10/main/postgresq1’ saved [1606648/1606648]
>
> Downloaded file is not posgresql but postgresq1(one).
>
> It was pure pg instalation without any contrib modules addons etc,
> istalled on ubuntu box by apt manager using repos:
>
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg/main
>
> http://apt.postgresql.org/pub/repos/apt xenial-pgdg
>
> I have never seen such entry on other my other servers…
>
> Could you be so kind and explain me what is it? I am afraid my
> postgres has been hacekd.
>
> Best Regards
>
> */Bartosz Dmytrak/*
>


--
Adrian Klaver
adrian.klaver@aklaver.com



HI, thanks for response,
Yes - there is also webapp running on the server, but still it's rather odd to find it's logs in postgresql.log file
(locatedin /var/log/postgresql, where my log exists). postgresq1 file exists in /var/lib/postgresql/10/main and it's
binaryfile, I've also noticed there is a n596tx.so which is not a part of standard installation. 
Fortunately there is no important data on this server so, a according to other advice, I'll rebuilt it with more
aggressivesecurity settings and I'll apply them to other servers too.  

Best regards,
Bartek

pgsql-general by date:

From: Stuart McGraw
Date: 22 May 2018, 11:48:20
Subject: source of connection fails at pg startup?

From: "Bartosz Dmytrak"
Date: 22 May 2018, 12:47:50
Subject: RE: posgresql.log

RE: posgresql.log - Mailing list pgsql-general

Previous

Next