CRON added by Something or Someone; High Load

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
KrazyBob
Forum Regular
Forum Regular
Posts: 310
Joined: Mon Mar 19, 2007 3:47 pm

CRON added by Something or Someone; High Load

Unread post by KrazyBob »

The following CRON has been added for a domain that no longer exists:

Code: Select all

14,34,54        *       *       *       *       /usr/lib64/plesk-9.0/postfix-poplockdb-clean
*       *       *       *       *       mailq|awk ' /^[0-9A-F][0-9A-F]*.*.bluetopmanagement.com$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d
0,10,20,30,40,50        *       *       *       *       /usr/local/psa/admin/bin/php -c '/usr/local/psa/admin/conf/php.ini' -dauto_prepend_file=sdk.php '/usr/local/psa/admin/plib/modules/plesk-mobile/scripts/push_worker.php'
This results in this running every minute:

Code: Select all

Nov  4 10:14:01 clss06 CROND[15857]: (root) CMD (mailq|awk ' /^[0-9A-F][0-9A-F]*.*.bluetopmanagement.com$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d)
Nov  4 10:14:01 clss06 CROND[15858]: (root) CMD (/usr/lib64/plesk-9.0/postfix-poplockdb-clean)
Nov  4 10:15:01 clss06 CROND[15937]: (root) CMD (mailq|awk ' /^[0-9A-F][0-9A-F]*.*.bluetopmanagement.com$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d)
Nov  4 10:15:01 clss06 CROND[15938]: (mailman) CMD (/usr/lib/mailman/cron/gate_news)
Nov  4 10:16:01 clss06 CROND[15990]: (root) CMD (mailq|awk ' /^[0-9A-F][0-9A-F]*.*.bluetopmanagement.com$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d)
Nov  4 10:17:01 clss06 CROND[16016]: (root) CMD (mailq|awk ' /^[0-9A-F][0-9A-F]*.*.bluetopmanagement.com$/ {print $1}'|tr -d '*'| xargs -rn1 postsuper -d)
Can I safely delete it since it references a domain no longer hosted.
prupert
Forum Regular
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands

Re: CRON added by Something or Someone; High Load

Unread post by prupert »

"Someonething or Someone" placed a cronjob in the crontab for root? If it wasn't for the innocence of the command I would say that you were hacked.

The job appears to be deleting certain messages from the Postfix mail queue, every minute. Certainly no harm will be done by removing this cronjob. ;-)
Lemonbit Internet Dedicated Server Management
KrazyBob
Forum Regular
Forum Regular
Posts: 310
Joined: Mon Mar 19, 2007 3:47 pm

Re: CRON added by Something or Someone; High Load

Unread post by KrazyBob »

Thank you for a speedy reply. This is a leased dedicated server and the client may have put it in there. But he lost the client because they wouldn't keep their site clean and Google would blacklist it and my IP. Not being familiar with postfix and didn't realize that the command is benign.

Thank you.
Post Reply