Hello,
I’ve had a “test” NextCloud instance running on my web server for around 2 years that I’ve created with the root user. So the whole web application in the public directory was owned by root. That’s probably as I was running 777 permissions on all files. I’ve checked the logs and don’t see anything fishy, but as this is a “backup/beta” server for me, I’d like to check if there’s a way my installation was compromised somehow.
I know it was dangerous leaving it as is, but what harm could have been done and what are the steps I should take? I know I’m not the first or the last one to do this. Stupid sudo su.
I’ve got Teamcity and Jenkins running here to deploy my build to production so I’m scared not to deploy malware there.
I’ve got clamav that I occasionally use:
----------- SCAN SUMMARY -----------
Known viruses: 8672753
Engine version: 0.103.10
Scanned directories: 21567
Scanned files: 103565
Infected files: 0
Data scanned: 5046.54 MB
Data read: 10907.13 MB (ratio 0.46:1)
Time: 853.050 sec (14 m 13 s)
Start Date: 2023:09:19 23:14:27
End Date: 2023:09:19 23:28:40
[root@xxxxx bin]#
Thanks a bunch guys,
Have a good day.