Well, I've picked up the habit from my computer science teacher of naming variables and files things like doofus, fool, etc. The project I was working on was a program that would download and replace itself as an upgrade. It never worked because Java would always change a few characters, but I guess something downloaded a lot. I may have also created a disk image I was using for something, and then forgot to delete it. I tried to open it with nano, but it crashed the computer, which would make this the first time. I have a gig of RAM, and that file was on a 30 gig partition, so I don't even want to know what happened when nano tried to read the entire file into RAM. I did shutdown -HF now at one point and fsck checked out fine. I'll have to do that again, considering I just deleted a several gig file.
Thanks,
-Peter
"Peter Davoust" <worldgnat@gmail.com> posted
7c08b4dd0608150751o418c99e5gcbae8cc9a96460ad@mail.gmail.com, excerpted
below, on Tue, 15 Aug 2006 14:51:51 +0000:
> Ok, so I had a 5 gig disk image I was using for a guest OS. I deleted it
> and it brought me down to about 93% usage, and gave me back KDE. Then I
> did a series of du -s /* etc, which took me to a directory I created for
> a Java application I'm writing. Somehow, a file called fool was created,
> and it was enormous. I deleted it and it brought me down to 22% usage.
> Is that insane or what? I guess the file was appropriately named.....

Let's see... 5 gig = 7%, 1.4% per gig. 93%-22%=71% 71/1.4=... about 50
gigs. A 50 gig "fool" file! (This assumes you didn't delete some other
small stuff you failed to mention.) Yeah, appropriately named, I'd say.

Did you check the contents of the thing to see what in the world (um..
what on the disk :) it was? Maybe the creation/modification times,
perhaps in comparison to other files?

That name is ... strange... to say the least. Going just on the name, and
the fact that it grew so huge, the possibility that immediately came to my
mind was a cracker. Following the thought, the file would have been put
there as a DoS, possibly because the cracker couldn't get access to
anything else but could create a huge file as a disruption, or perhaps
there was a trojan plant and it was an activity log the cracker planned on
harvesting at some point for password hints or personal details.

Hopefully it's nothing of the sort, but the name... f001d might have been
a bit more suspicious, but not by much. Of course, I haven't done Java
since about the time I switched from MSWormOS as it's proprietary/slaveryware
if you are using Sun or Blackdown, and somewhat limited at present with
the Freedomware alternatives, and I don't know what you are developing, so
for all I know, "fool" was a legit file. However, it still /sounds/
suspicious. I'd not be comfortable until I knew exactly why it was there,
or at least until I had done a bit of forensics on my system and could be
relatively sure I hadn't been compromised.

Of course, one other possibility is a filesystem gone badly wrong, a small
file and a file system accident, that an fsck on reboot reconstructed as
using all the free space on the entire partition! That would account for
the size, but not for the name, which would still need some sort of
explanation.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
--
gentoo-amd64@gentoo.org mailing list
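
The checks suggested in the reply above (contents, modification times compared with neighbouring files, and whether the size is real or a filesystem artefact) can be done without opening the file in an editor. This is an added example, not part of either post; it assumes GNU coreutils and findutils, and the function names are made up for illustration:

```shell
#!/bin/sh
# Triage a suspiciously large file using metadata and a bounded read only.
# Assumes GNU coreutils/findutils (stat -c, head -c, find -newer).
# Function names are hypothetical; usage: triage /path/to/file

# Bytes actually allocated on disk (block count * block unit).
allocated_bytes() {
    echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") ))
}

# True when the file claims more bytes than the filesystem has allocated,
# e.g. a sparse disk image or a length left inconsistent after a crash.
is_sparse() {
    [ "$(allocated_bytes "$1")" -lt "$(stat -c %s "$1")" ]
}

# Hex of the first N bytes (default 16): enough to spot a magic number
# without reading the whole file into memory.
first_bytes_hex() {
    head -c "${2:-16}" "$1" | od -v -An -tx1 | tr -d ' \n'
}

triage() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    echo "apparent_bytes:  $(stat -c %s "$f")"
    echo "allocated_bytes: $(allocated_bytes "$f")"
    echo "owner/mode:      $(stat -c '%U:%G %A' "$f")"
    echo "modified:        $(stat -c %y "$f")"
    echo "inode changed:   $(stat -c %z "$f")"
    if is_sparse "$f"; then
        echo "sparse:          yes"
    else
        echo "sparse:          no"
    fi
    echo "first bytes:     $(first_bytes_hex "$f" 32)"
    # Files in the same directory touched after this one help place it
    # on a timeline with the rest of the project.
    echo "siblings modified later:"
    find "$(dirname "$f")" -maxdepth 1 -type f -newer "$f"
}
```

Run it before deleting the file: once the file is gone, the timestamps and leading bytes are no longer available to compare.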