익명 19:10

Unknown files are being created automatically on my AWS server

Unknown files are being created automatically on my AWS server

I'm hosting my application on an AWS Ubuntu server, and I've noticed that the following files keep getting created automatically:

  • xmirig.tar.gz

  • failed.log

  • monitor.log

  • exploites.log

  • next-env.d.ts

I did not create these files manually, and they keep appearing on the server.

I'm trying to understand:

  • What process could be creating these files?

  • Could this indicate that my server has been compromised?

  • How can I identify which process or service is generating them?

  • Are any of these files associated with malware or crypto miners?

The server is running Ubuntu on AWS EC2.



Top Answer/Comment:

If you didn't install it, then your server is compromised.

Here's a reference for that: Check Point's writeup — it explains XMRig is open-source software designed for mining Monero or Bitcoin, but it's also commonly abused by cybercriminals who infect computers with it to mine cryptocurrency using the victim's resources Check Point Software

상단 광고의 [X] 버튼을 누르면 내용이 보입니다