3
1
I have a server that's been running for years now and there are no cron jobs set up. I have not logged in or changed anything in months. Suddenly I started receiving emails that look like this, about once per hour, but not always for some reason:
To: root@mydomain.com
Subject: Cron <root@mydomain.com> [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/mhash.ini on line 1 in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626/mhash.so' - /usr/lib/php5/20090626/mhash.so: cannot open shared object file: No such file or directory in Unknown on line 0
I have no idea what this is talking about. It's bizarre because I did not change anything.
I checked to see if ther eare any cron jobs by running this command while logged in as root:
for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done
There were none:
no crontab for root
no crontab for daemon
no crontab for bin
no crontab for sys
:
:
etc, for all users
What is going on? How do I stop this? And furthermore, I'm a little concerned that someone broke into the server and changed something, because I didn't touch a single thing.
Any ideas?
Users can also create their own
cron
jobs. Check out/var/cron
or/var/spool/cron/crontabs
. – Kasius – 2012-10-02T19:52:21.637Yes, but he already checked the individual users' crontabs (those are what are listed in the directories you listed.) – UtahJarhead – 2012-10-02T20:15:53.710