Hey guys, I saw this in my VPS when checking history:

    1  chmod +x /usr/lib/virt-sysprep/scripts/0001-swapoff--dev-vda2-mkswap--dev-vda2-swapon--dev-vda2-resize2f
    2  cat /usr/lib/virt-sysprep/scripts/0001-swapoff--dev-vda2-mkswap--dev-vda2-swapon--dev-vda2-resize2f
    3  vi /usr/lib/virt-sysprep/scripts/0001-swapoff--dev-vda2-mkswap--dev-vda2-swapon--dev-vda2-resize2f

here is the content of the script:

# cat /usr/lib/virt-sysprep/scripts/0001-swapoff--dev-vda2-mkswap--dev-vda2-swapon--dev-vda2-resize2f
swapoff /dev/vda2;mkswap /dev/vda2;swapon /dev/vda2;resize2fs /dev/vda1;yum -y update;systemctl disable guestfs-firstboot;reboot

This is a new server I provisioned on my VPS in racknerd. The command looks safe, but I’m wondering if these commands were executed on its own? Or someone has logged in to my VPS? This is also not normal, isn’t it?

  • @pqdinfo
    link
    English
    3
    edit-2
    1 year ago

    deleted by creator

    • @[email protected]OP
      link
      fedilink
      English
      21 year ago

      so what are the options for the customers like us if we don’t want them to access our server? how do i know if they logged in using a different method other than ssh?

      • @pqdinfo
        link
        English
        4
        edit-2
        1 year ago

        deleted by creator