What files and folders in tmp/ folder
Hi,
My linode got restricted as the support has detected an Outbound Denial of Service attack on my linode.
I followed the guide from the linode support team (https://www.linode.com/community/questions/467/ive-noticed-some-suspicious-activity-on-my-linode-what-do-i-do) and checked the tmp folder. My tmp folder has the following files and folders
drwxrwxrwt 10 root root 4096 Jun 17 06:09 .
drwxr-xr-x 23 root root 4096 Jun 15 08:58 ..
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .font-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .ICE-unix
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-apache2.service-gJEK6L
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-systemd-resolved.service-orElVv
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-systemd-timesyncd.service-cndLea
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .Test-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .X11-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .XIM-unix
Are those folders looking good or should I delete some of them, and if so which ones?
I appreciate everyone's help. Thank you.
Katharina
5 Replies
You write:
My tmp folder has the following files and folders
ARRRGGGGHHH!! There are no "folders"…there are "directories"! I digress…
drwxrwxrwt 10 root root 4096 Jun 17 06:09 .
drwxr-xr-x 23 root root 4096 Jun 15 08:58 ..
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .font-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .ICE-unix
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-apache2.service-gJEK6L
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-systemd-resolved.service-orElVv
drwx------ 3 root root 4096 Jun 17 00:14 systemd-private-f57a05ef2a9745cf9b69a07c1aea6d1e-systemd-timesyncd.service-cndLea
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .Test-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .X11-unix
drwxrwxrwt 2 root root 4096 Jun 17 00:14 .XIM-unix
Are those folders looking good or should I delete some of them, and if so which ones?
There's that word again!
All the directories matching the pattern *service* belong to systemd -- the Linux system service management daemon. See:
https://www.linode.com/docs/quick-answers/linux-essentials/what-is-systemd/
All the directories matching the pattern *-unix$ belong to the X Window System.
All of these are perfectly normal. If your Linode does not run a desktop environment that requires X11, you can delete all the *-unix$ directories. Your system will go seriously haywire if you delete the *service* directories!
-- sw
@stevewi
Thank you very much for your fast reply and the correction, I appreciate it.
As I'm not so much familiar with the whole server side, as I usually take care of the front end, can I ask you one or two more questions?
Do the running processes look okay?
root@localhost:~# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.8 159784 8908 ? Ss Jun17 0:25 /sbin/init
root 2 0.0 0.0 0 0 ? S Jun17 0:00 [kthreadd]
root 4 0.0 0.0 0 0 ? I< Jun17 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? I< Jun17 0:00 [mm_percpu_wq]
root 7 0.0 0.0 0 0 ? S Jun17 0:04 [ksoftirqd/0]
root 8 0.0 0.0 0 0 ? I Jun17 0:19 [rcu_sched]
root 9 0.0 0.0 0 0 ? I Jun17 0:00 [rcu_bh]
root 10 0.0 0.0 0 0 ? S Jun17 0:00 [migration/0]
root 11 0.0 0.0 0 0 ? S Jun17 0:00 [watchdog/0]
root 12 0.0 0.0 0 0 ? S Jun17 0:00 [cpuhp/0]
root 13 0.0 0.0 0 0 ? S Jun17 0:00 [kdevtmpfs]
root 14 0.0 0.0 0 0 ? I< Jun17 0:00 [netns]
root 15 0.0 0.0 0 0 ? S Jun17 0:00 [rcu_tasks_kthr
root 16 0.0 0.0 0 0 ? S Jun17 0:00 [kauditd]
root 17 0.0 0.0 0 0 ? S Jun17 0:00 [khungtaskd]
root 18 0.0 0.0 0 0 ? S Jun17 0:00 [oom_reaper]
root 19 0.0 0.0 0 0 ? I< Jun17 0:00 [writeback]
root 20 0.0 0.0 0 0 ? S Jun17 0:00 [kcompactd0]
root 21 0.0 0.0 0 0 ? SN Jun17 0:00 [ksmd]
root 22 0.0 0.0 0 0 ? SN Jun17 0:00 [khugepaged]
root 23 0.0 0.0 0 0 ? I< Jun17 0:00 [crypto]
root 24 0.0 0.0 0 0 ? I< Jun17 0:00 [kintegrityd]
root 25 0.0 0.0 0 0 ? I< Jun17 0:00 [kblockd]
root 26 0.0 0.0 0 0 ? I< Jun17 0:00 [ata_sff]
root 27 0.0 0.0 0 0 ? I< Jun17 0:00 [md]
root 28 0.0 0.0 0 0 ? I< Jun17 0:00 [edac-poller]
root 29 0.0 0.0 0 0 ? I< Jun17 0:00 [devfreq_wq]
root 30 0.0 0.0 0 0 ? I< Jun17 0:00 [watchdogd]
root 34 0.0 0.0 0 0 ? S Jun17 0:00 [kswapd0]
root 35 0.0 0.0 0 0 ? I< Jun17 0:00 [kworker/u3:0]
root 36 0.0 0.0 0 0 ? S Jun17 0:00 [ecryptfs-kthre
root 78 0.0 0.0 0 0 ? I< Jun17 0:00 [kthrotld]
root 79 0.0 0.0 0 0 ? I< Jun17 0:00 [acpi_thermal_p
root 83 0.0 0.0 0 0 ? I< Jun17 0:00 [ipv6_addrconf]
root 92 0.0 0.0 0 0 ? I< Jun17 0:00 [kstrp]
root 109 0.0 0.0 0 0 ? I< Jun17 0:00 [charger_manage
root 148 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_0]
root 149 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_0]
root 151 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_1]
root 152 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_1]
root 153 0.0 0.0 0 0 ? I< Jun17 0:01 [kworker/0:1H]
root 155 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_2]
root 156 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_2]
root 157 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_3]
root 158 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_3]
root 160 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_4]
root 161 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_4]
root 165 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_5]
root 171 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_5]
root 172 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_6]
root 173 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_6]
root 174 0.0 0.0 0 0 ? S Jun17 0:00 [scsi_eh_7]
root 175 0.0 0.0 0 0 ? I< Jun17 0:00 [scsi_tmf_7]
root 274 0.0 0.0 0 0 ? I< Jun17 0:00 [raid5wq]
root 327 0.0 0.0 0 0 ? S Jun17 0:02 [jbd2/sda-8]
root 328 0.0 0.0 0 0 ? I< Jun17 0:00 [ext4-rsv-conve
root 385 0.0 3.8 152176 38884 ? S<s Jun17 0:00 /lib/systemd/sy
root 386 0.0 0.0 0 0 ? I< Jun17 0:00 [iscsi_eh]
root 402 0.0 0.1 97708 1744 ? Ss Jun17 0:00 /sbin/lvmetad -
root 404 0.0 0.3 45284 3848 ? Ss Jun17 0:00 /lib/systemd/sy
root 405 0.0 0.0 0 0 ? I< Jun17 0:00 [ib-comp-wq]
root 406 0.0 0.0 0 0 ? I< Jun17 0:00 [ib_mcast]
root 407 0.0 0.0 0 0 ? I< Jun17 0:00 [ib_nl_sa_wq]
root 409 0.0 0.0 0 0 ? I< Jun17 0:00 [rdma_cm]
systemd+ 450 0.0 0.4 71844 4940 ? Ss Jun17 0:37 /lib/systemd/sy
systemd+ 480 0.0 0.4 70624 4976 ? Ss Jun17 0:41 /lib/systemd/sy
root 561 0.0 0.1 161076 1612 ? Ssl Jun17 0:00 /usr/bin/lxcfs
message+ 571 0.0 0.4 50036 4116 ? Ss Jun17 0:00 /usr/bin/dbus-d
root 581 0.0 1.6 170380 16468 ? Ssl Jun17 0:00 /usr/bin/python
root 587 0.0 0.5 70636 5796 ? Ss Jun17 0:00 /lib/systemd/sy
root 589 0.0 0.6 287544 6356 ? Ssl Jun17 0:01 /usr/lib/accoun
syslog 594 0.0 0.4 263036 4044 ? Ssl Jun17 0:00 /usr/sbin/rsysl
daemon 596 0.0 0.2 28332 2212 ? Ss Jun17 0:00 /usr/sbin/atd -
root 597 24.0 0.0 26592 660 ? Ssl Jun17 385:08 route -n
root 629 0.0 0.6 288880 6324 ? Ssl Jun17 0:00 /usr/lib/policy
root 647 0.0 0.1 16180 1584 tty1 Ss+ Jun17 0:00 /sbin/agetty -o
root 672 0.0 0.5 72296 5420 ? Ss Jun17 0:00 /usr/sbin/sshd
root 677 0.0 1.8 187216 18852 ? Ssl Jun17 0:00 /usr/bin/python
mysql 742 0.0 17.4 1154780 176304 ? Sl Jun17 0:34 /usr/sbin/mysql
root 752 0.0 2.3 491392 23988 ? Ss Jun17 0:03 /usr/sbin/apach
www-data 765 0.0 1.5 493772 15240 ? S Jun17 0:00 /usr/sbin/apach
www-data 766 0.0 1.5 493772 15244 ? S Jun17 0:00 /usr/sbin/apach
www-data 767 0.0 1.5 493772 15244 ? S Jun17 0:00 /usr/sbin/apach
www-data 768 0.0 1.5 493772 15244 ? S Jun17 0:00 /usr/sbin/apach
www-data 769 0.0 1.5 493772 15244 ? S Jun17 0:00 /usr/sbin/apach
systemd+ 913 0.0 0.3 141924 3064 ? Ssl Jun17 0:00 /lib/systemd/sy
root 991 0.0 0.6 27392 6380 ? S Jun17 0:00 rsync
root 1017 0.0 0.5 40160 5200 ? Ssl Jun17 0:04 ./kswapd0
root 1649 0.0 0.0 0 0 ? I 02:54 0:00 [kworker/u2:2]
root 1766 0.0 0.6 76636 6980 ? Ss 02:54 0:00 /lib/systemd/sy
root 1767 0.0 0.2 191468 2484 ? S 02:54 0:00 (sd-pam)
root 1777 0.0 0.4 22652 5024 ttyS0 S 02:54 0:00 -bash
root 1922 0.0 0.1 1468 1040 ? Ss 02:55 0:00 ifconfig
root 1927 0.0 0.1 1468 1036 ? Ss 02:55 0:00 ifconfig eth0
root 1928 0.0 0.1 1468 1040 ? Ss 02:55 0:00 who
root 1930 0.0 0.1 1468 1040 ? Ss 02:55 0:00 pwd
root 1931 0.0 0.1 1468 1044 ? Ss 02:55 0:00 id
root 1932 0.0 0.3 39664 3420 ttyS0 R+ 02:55 0:00 ps aux
www-data 6661 0.0 1.5 493772 15256 ? S Jun17 0:00 /usr/sbin/apach
root 10243 0.0 0.3 81740 4012 ttyS0 Ss Jun17 0:00 /bin/login -p -
root 27877 0.0 0.0 0 0 ? I 02:21 0:00 [kworker/u2:1]
root 30141 0.0 0.0 0 0 ? I 02:34 0:00 [kworker/u2:0]
root 30295 0.0 0.0 0 0 ? I 02:34 0:00 [kworker/0:2]
root 31605 0.0 0.0 0 0 ? I Jun17 0:00 [kworker/0:0]
Do the connections look okay?
root@localhost:~# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 1 xxx.xx.xxx.xxx:57286 xx.x.xxx.xx:443 SYN_SENT
tcp 0 1 xxx.xx.xxx.xxx:46692 xxx.xxx.xxx.xxx:3307 SYN_SENT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.53:53 0.0.0.0:*
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 1240037 /run/user/0/systemd/notify
unix 2 [ ACC ] SEQPACKET LISTENING 13939 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 1240040 /run/user/0/systemd/private
unix 2 [ ACC ] STREAM LISTENING 1240044 /run/user/0/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 1240045 /run/user/0/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 1240046 /run/user/0/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 1240047 /run/user/0/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 1240048 /run/user/0/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 15859 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 15865 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 15867 /run/snapd-snap.socket
unix 3 [ ] DGRAM 13456 /run/systemd/notify
unix 2 [ ACC ] STREAM LISTENING 15874 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 15887 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 15889 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 13459 /run/systemd/private
unix 2 [ ] DGRAM 13469 /run/systemd/journal/syslog
unix 6 [ ] DGRAM 13477 /run/systemd/journal/dev-log
unix 2 [ ACC ] STREAM LISTENING 13479 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 13481 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 15864 @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 13483 /run/systemd/fsck.progress
unix 2 [ ACC ] STREAM LISTENING 13486 /run/systemd/journal/stdout
unix 9 [ ] DGRAM 13488 /run/systemd/journal/socket
unix 2 [ ACC ] STREAM LISTENING 20123 /var/run/mysqld/mysqld.sock
unix 2 [ ] DGRAM 1240000
unix 3 [ ] STREAM CONNECTED 18380
unix 3 [ ] STREAM CONNECTED 18215
unix 3 [ ] DGRAM 15260
unix 3 [ ] STREAM CONNECTED 19718 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 16198
unix 3 [ ] STREAM CONNECTED 16278 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 15252
unix 3 [ ] DGRAM 1240039
unix 2 [ ] DGRAM 16190
unix 3 [ ] STREAM CONNECTED 16197
unix 3 [ ] DGRAM 15261
unix 3 [ ] STREAM CONNECTED 19717
unix 3 [ ] STREAM CONNECTED 16277
unix 3 [ ] DGRAM 15262
unix 3 [ ] STREAM CONNECTED 19757 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15876
unix 3 [ ] STREAM CONNECTED 15421
unix 3 [ ] STREAM CONNECTED 18485 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 16200 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 20242
unix 3 [ ] STREAM CONNECTED 16199 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 15422 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15877
unix 3 [ ] STREAM CONNECTED 20630
unix 3 [ ] STREAM CONNECTED 16591 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 1240013
unix 3 [ ] DGRAM 15263
unix 3 [ ] STREAM CONNECTED 16590
unix 3 [ ] STREAM CONNECTED 18261
unix 3 [ ] STREAM CONNECTED 20631 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 16752 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 14254
unix 3 [ ] STREAM CONNECTED 14191
unix 3 [ ] DGRAM 20535
unix 3 [ ] STREAM CONNECTED 19756
unix 3 [ ] STREAM CONNECTED 18381 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15225
unix 3 [ ] STREAM CONNECTED 14905 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 14908 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 15226 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 14251
unix 3 [ ] STREAM CONNECTED 16750
unix 3 [ ] STREAM CONNECTED 17199
unix 2 [ ] DGRAM 17236
unix 2 [ ] DGRAM 1239895
unix 3 [ ] STREAM CONNECTED 17200 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 15654
unix 3 [ ] DGRAM 13457
unix 3 [ ] STREAM CONNECTED 1240011 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 16142
unix 3 [ ] STREAM CONNECTED 15973
unix 3 [ ] DGRAM 13458
unix 3 [ ] DGRAM 14340
unix 3 [ ] STREAM CONNECTED 1239992
unix 3 [ ] STREAM CONNECTED 18483
unix 3 [ ] STREAM CONNECTED 15974 /run/systemd/journal/stdout
unix 3 [ ] DGRAM 14339
unix 3 [ ] DGRAM 1240038
unix 3 [ ] STREAM CONNECTED 16145 /run/systemd/journal/stdout
unix 3 [ ] DGRAM 20536
unix 3 [ ] DGRAM 20694
unix 2 [ ] DGRAM 18252
unix 3 [ ] DGRAM 20695
unix 3 [ ] DGRAM 20696
unix 3 [ ] STREAM CONNECTED 16143
unix 3 [ ] STREAM CONNECTED 18262 /var/run/dbus/system_bus_socket
unix 3 [ ] DGRAM 20693
unix 2 [ ] DGRAM 14316
unix 3 [ ] STREAM CONNECTED 16201 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 18216 /var/run/dbus/system_bus_socket
unix 2 [ ] DGRAM 20690
I get the following when I check the ports
lsof -i tcp:3306 -P -R
COMMAND PID PPID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 742 1 mysql 26u IPv4 20122 0t0 TCP localhost:3306 (LISTEN)
COMMAND PID PPID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 480 1 systemd-resolve 13u IPv4 15671 0t0 TCP localhost:53 (LISTEN)
lsof -i tcp:57286 -P -R and lsof -i tcp:46692 -P -R
nothing
You write:
Thank you very much for your fast reply and the correction, I appreciate it.
You're welcome…
As I'm not so much familiar with the whole server side, as I usually take care of the front end, can I ask you one or two more questions?
Of course…
Do the running processes look okay?
root@localhost:~# ps aux
Just as a practical note… When you have screen output like this, enclose it between lines consisting of 3 backquotes (```). Doing so will present the text between as "code" and make your post a lot more readable. That being said, the only processes you presented in your list that aren't normally there were these:
root 1777 0.0 0.4 22652 5024 ttyS0 S 02:54 0:00 -bash
root 1922 0.0 0.1 1468 1040 ? Ss 02:55 0:00 ifconfig
root 1927 0.0 0.1 1468 1036 ? Ss 02:55 0:00 ifconfig eth0
root 1928 0.0 0.1 1468 1040 ? Ss 02:55 0:00 who
root 1930 0.0 0.1 1468 1040 ? Ss 02:55 0:00 pwd
root 1931 0.0 0.1 1468 1044 ? Ss 02:55 0:00 id
root 1932 0.0 0.3 39664 3420 ttyS0 R+ 02:55 0:00 ps aux
But this is you doing your ps -aux command…
Do the connections look okay?
Just as another practical matter, it's not a very good idea to publish your IP address(es) or domain name(s) in an open forum like this (you never know who might be scanning the posts here for such information):
tcp 0 1 178.79.181.108:57286 45.9.148.99:443 SYN_SENT
tcp 0 1 178.79.181.108:46692 104.223.142.164:3307 SYN_SENT
The first of these is an https connection from 45.9.148.99 (registered in the Netherlands). I don't recognize the second one. It's a TCP connection on port 3307 to your Linode from an IP address in the US. According to /etc/services, port 3307 is listed as:
opsession-prxy 3307/udp # OP Session Proxy
opsession-prxy 3307/tcp # OP Session Proxy
I don't know what OP Session Proxy is…maybe someone else can explain. I'd investigate this further…
The rest of the TCP connections and all of the UDP connections are normal (DNS, ICMP, ssh, http, etc).
The connections labeled unix never go outside the boundaries of your system ("unix" is shorthand for "unix-domain sockets"…these were named when TCP/IP was the province of Unix systems only…since about the mid-1980s or so, the proper term for them is "local-domain sockets" to reflect that TCP/IP no longer belongs to Unix exclusively and communication over them is always local). These are all related to normal system/application services.
I get the following when I check the ports
lsof -i tcp:3306 -P -R
Port 3306 is the well-known port for mysql. This is normal.
lsof -i tcp:53 -P -R (n.b., this command was implied from context)
Port 53 is DNS…also normal
lsof -i tcp:57286 -P -R and lsof -i tcp:46692 -P -R
Ports 57286 and 46692 are temporary ports the system has allocated to handle the inbound TCP connections from IP addresses 45.9.148.99 and 104.223.142.164 respectively that I discussed above. Provided the communication is legitimate, these are legitimate as well.
As I said before, I would investigate the use of port 3307 further. It may be innocuous but, not knowing anything about what your system does, I just can't tell. If it's not legitimate, you can close access to the port in your firewall with relative ease.
-- sw
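A triage filter for `ps aux` listings like the one posted in this thread, as an added example that is not part of the original posts. The function names, the reason labels and the list of one-shot command names are assumptions made for illustration; the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: flag rows in `ps aux` output that deserve a closer look.

# Sample rows copied from the listing posted in the thread.
sample_ps() {
cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2 0.0 0.0 0 0 ? S Jun17 0:00 [kthreadd]
root 34 0.0 0.0 0 0 ? S Jun17 0:00 [kswapd0]
root 597 24.0 0.0 26592 660 ? Ssl Jun17 385:08 route -n
root 672 0.0 0.5 72296 5420 ? Ss Jun17 0:00 /usr/sbin/sshd
root 1017 0.0 0.5 40160 5200 ? Ssl Jun17 0:04 ./kswapd0
root 1931 0.0 0.1 1468 1044 ? Ss 02:55 0:00 id
root 1932 0.0 0.3 39664 3420 ttyS0 R+ 02:55 0:00 ps aux
EOF
}

# Reads `ps aux` text on stdin, prints "PID reason" for every finding.
triage_ps() {
  awk '
    BEGIN {
      # Commands that normally print something and exit (assumed list).
      k = split("route ifconfig who pwd id ps", a, " ")
      for (i = 1; i <= k; i++) oneshot[a[i]] = 1
    }
    NR == 1 { next }                         # header row
    {
      cmd = $11; for (i = 12; i <= NF; i++) cmd = cmd " " $i
      pid[NR] = $2; vsz[NR] = $5; tty[NR] = $7; st[NR] = $8
      cpu[NR] = $10; full[NR] = cmd
      # Genuine kernel threads are shown in brackets and have VSZ 0.
      if (cmd ~ /^\[.*\]$/ && $5 == 0) kthread[substr(cmd, 2, length(cmd) - 2)] = 1
    }
    END {
      for (n = 2; n <= NR; n++) {
        if (full[n] ~ /^\[.*\]$/ && vsz[n] == 0) continue
        split(full[n], w, " "); exe = w[1]
        base = exe; sub(/^.*\//, "", base)
        split(cpu[n], t, ":")                # TIME in this format is MMM:SS
        # Brackets but user memory: the name was set by the process itself.
        if (full[n] ~ /^\[/) print pid[n], "fake-kernel-brackets"
        # User-space program carrying the name of a kernel thread.
        if (base in kthread) print pid[n], "kernel-thread-name-in-userspace"
        # Started from a working directory, not from an installed path.
        if (exe ~ /^\.\//) print pid[n], "relative-path"
        # One-shot command name running as a session leader with no terminal.
        if ((base in oneshot) && tty[n] == "?" && st[n] ~ /s/) print pid[n], "one-shot-detached"
        # One-shot command name that has accumulated a minute or more of CPU.
        if ((base in oneshot) && t[1] + 0 >= 1) print pid[n], "one-shot-long-cpu"
      }
    }'
}

sample_ps | triage_ps
```

On a live system, pipe `ps aux` into `triage_ps` and follow up each flagged PID with `ls -l /proc/PID/exe` to see which binary is actually running.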
You write:
You're welcome…
Thank you again for your help. I really do appreciate the time you spend on looking into it and the knowledge you share.
Just as a practical note… When you have screen output like this, enclose it between lines consisting of 3 backquotes (```). Doing so will present the text between as "code" and make your post a lot more readable.
And this
Just as another practical matter, it's not a very good idea to publish your IP address(es) or domain name(s) in an open forum like this (you never know who might be scanning the posts here for such information)
Thanks for the notes, have just updated my posts :)
I don't know what OP Session Proxy is…maybe someone else can explain. I'd investigate this further…
I will look into it, and hopefully will find some valuable information.
Thank you again for your help :)