I am running an Ubuntu 14.04 server with ISPConfig installed, etc.

Recently I saw a suspicious home directory named ub. It has some encrypted files in it. I also found that /run/shm/ecryptfs-ub-Private is owned by this user.

I changed the password of the user and did an SSH login to the account. I just saw encrypted files. Later on I deleted the user ub and the group ub, but I am not sure if I have done the right thing.

Might it be a user and group auto-generated by some service? Or is it really suspicious?

I did not see any processes run by this user with the top command.

peterh
bkilinc
  • What do the logs say? – Orphans Jan 11 '17 at 10:11
  • In auth.log I did not see any logins for ub. In dmesg there was no interesting result for the search "ub ". In syslog, for the latest logs, I did not find anything either. The created home directory has an old modified time; it is March 14, 2015. I may not have noticed it; I seldom check the /home directory. – bkilinc Jan 11 '17 at 10:24
  • Also, I checked my mail. That was the exact date when I moved to a new server and asked for help from the datacenter. They might have created it for support. I will ask them. Thanks. – bkilinc Jan 11 '17 at 10:28
  • @bkilinc That could explain it. Is it a managed server? – Orphans Jan 11 '17 at 11:22
  • No, it isn't, but on that date they installed the server as a virtual machine, using their ISO files. They also made some network configuration. I also remember buying hourly paid support. Thanks for the help. – bkilinc Jan 11 '17 at 11:35

0 Answers