אורי [email protected]
On Tue, Nov 18, 2025 at 9:17 AM Ori Kuttner <[email protected]> wrote:

> Try something like: lsof | grep /tmp/pymp-n7uodgt6

`lsof | grep /tmp/pymp-n7uodgt6` returns nothing. `lsof | grep /tmp/pymp` also returns nothing.

> You will see if a program is currently using any of these files so you can
> see what program created it.
> I don't think this means a system hack.
>
> --
> Ori Kuttner CEO Helicon Books
> http://www.heliconbooks.com
>
> On Tue, Nov 18, 2025 at 9:02 AM Yaniv Haliwa <[email protected]> wrote:
>
>> Looks like your server is vulnerable and an attacker is trying to run a reverse shell.
>> Probably with msfconsole that it looks this way
>>
>> *Best Regards,*
>>
>> Yaniv Haliwa
>>
>> 📞 +972-533020957 <+972533020957>
>>
>> 🌐 yanivhaliwa.com
>>
>> 🔗 LinkedIn <https://www.linkedin.com/in/yaniv-haliwa>
>>
>> 💻 GitHub <https://github.com/YanivHaliwa>
>>
>> 🎯 TryHackMe <https://tryhackme.com/r/p/YanivHaliwa>
>>
>> 🌍 Linktree <https://linktr.ee/YanivHaliwa>
>>
>> On Tue, Nov 18, 2025, 13:48 אורי <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I'm running a production server on Ubuntu 22.04.5 LTS hosted on
>>> digitalocean (this droplet has been running since 2023). Now, recently I saw some
>>> strange files in /tmp that were not there before. These files contain the
>>> string pymp:
>>>
>>> # find /tmp/ -ls |grep pymp
>>> 3762 4 drwx------ 2 root root 4096 Nov 17 22:23 /tmp/pymp-n7uodgt6
>>> 4045 0 srwxr-xr-x 1 root root 0 Nov 17 22:23 /tmp/pymp-n7uodgt6/listener-0lcaibxe
>>> 2210 4 drwx------ 2 root root 4096 Nov 17 18:18 /tmp/pymp-fciod9wd
>>> 2369 0 srwxr-xr-x 1 root root 0 Nov 17 18:18 /tmp/pymp-fciod9wd/listener-fwhwjxcb
>>>
>>> What are these files and does it mean my server (droplet) has been
>>> cracked?
>>>
>>> There were more files like this which I deleted.
>>>
>>> Thanks,
>>> Uri Rodberg, Speedy Net.
>>>
>>> אורי
>>> [email protected]
>>> _______________________________________________
>>> Linux-il mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
