My vino-server generates nearly 100 GB of syslog per day

I've been accessing my Ubuntu 20 laptop remotely (that's why vino-server is active, I guess, but I'm not 100% sure; it may also be used by other software) from a Windows PC at work for a long time, without any issue until more or less last week, when I received a warning saying my hard disk is full on my laptop. After investigation, it appears it's the vino-server that has gone crazy: it fills the syslog with messages such as the following:

```
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      ip-113-198.4vendeta.com
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 14 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 15 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 13 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 15 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 2 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      ip-113-198.4vendeta.com
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 11 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 11 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      59.152.10.251
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      59.152.10.251
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
```

I'm a Noob in Ubuntu, so I don't know what to do and how to do it. For the moment, I use a command to manually clean my syslog whenever the hard disk starts to be too full of logs, but I'd rather understand what is wrong and correct it.
Is it possible I've got a virus or that my laptop remote access is being attacked?
Are there some settings in vino-server to avoid sending so many lines to syslog?
Is there a setting (an auto-purge) in syslog to limit the size of syslog?

Thanks in advance for your help

Updates -----------
So here are the results of commands requested by waltinator to help investigate

  1. locate vino-server
    /usr/lib/systemd/user/vino-server.service
    /usr/lib/vino/vino-server
    /usr/share/applications/vino-server.desktop
  2. dpkg -S vino-server
    vino: /usr/lib/vino/vino-server
    vino: /usr/lib/systemd/user/vino-server.service
    vino: /usr/share/applications/vino-server.desktop
  3. dpkg -L vino
    /.
    /usr
    /usr/lib
    /usr/lib/systemd
    /usr/lib/systemd/user
    /usr/lib/systemd/user/vino-server.service
    /usr/lib/vino
    /usr/lib/vino/vino-server
    /usr/share
    /usr/share/applications
    /usr/share/applications/vino-server.desktop
    /usr/share/doc
    /usr/share/doc/vino
    /usr/share/doc/vino/AUTHORS
    /usr/share/doc/vino/NEWS.gz
    /usr/share/doc/vino/README
    /usr/share/doc/vino/changelog.Debian.gz
    /usr/share/doc/vino/copyright
    /usr/share/glib-2.0
    /usr/share/glib-2.0/schemas
    /usr/share/glib-2.0/schemas/org.gnome.Vino.enums.xml
    /usr/share/glib-2.0/schemas/org.gnome.Vino.gschema.xml

Also, since then I've tried the following process to limit the size of the syslog to 100Mb (How do I limit the size of my syslog?) and since then I don't have any hard disk issue. I've checked the last 20 entries of syslog and there is nothing at all. So, either I've accidentally stopped the syslog or the issue has disappeared (maybe because my vino server was unstable and needed a restart?).

Thanks a lot for those who helped.

waltinator:
The `haumea.vds.sh` program seems to be generating all the logs. Investigate it. `locate haumea.vds.sh` will find it, `dpkg -S haumea.vds.sh` will show which package provides it, `dpkg -L` of that package will show all the files associated with `haumea.vds.sh`.
GeekWithBigDisks:
Thanks for your input. Weirdly, the command locate doesn't display anything: no error, but no result on screen either. Is the result written in a file somewhere? Same thing for the dpkg: the command seems accepted but no visible result.
waltinator:
Use the same commands as above, but with `vino-server` instead of `haumea.vds.sh`.
waltinator:
Comments are designed for US to ask YOU questions about your Question. You should [Edit] your question to add information. By updating your Question, and using the formatting buttons, you make all the information available to new readers. People shouldn't have to read a long series of comments to get the whole story.
Doug Smythies:
I think `haumea.vds.sh` is a domain name or `194.1.238.224`. There is very little in the log entries that suggest why they have been put there. Myself, I think you are under attack, but have very little to go on.
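
A triage sketch for log lines like the ones in the question, added here as an example and not code from the thread: it tallies the trailing hostname or address of each vino-server entry, expanding rsyslog's `message repeated N times` lines, so you can see which remote name dominates and how many entries land in a single second. The function and variable names are assumptions, and the sample is an excerpt of the lines quoted in the question.

```python
import re
from collections import Counter

# Excerpt of the syslog lines quoted in the question (the host column is empty there).
SAMPLE = """\
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      ip-113-198.4vendeta.com
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 14 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      217.148.142.40
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      haumea.vds.sh
Sep 18 17:21:20  vino-server[2487]: message repeated 15 times: [ 18/09/2021 17:21:20      haumea.vds.sh]
Sep 18 17:21:20  vino-server[2487]: 18/09/2021 17:21:20      59.152.10.251
"""

# "<syslog timestamp> [host] vino-server[pid]: <message>"
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2})\s.*?vino-server\[\d+\]:\s+(?P<msg>.*)$")
# rsyslog collapses consecutive duplicates into "message repeated N times: [ <message>]"
REPEAT = re.compile(r"^message repeated (?P<n>\d+) times: \[\s*(?P<payload>.*)\]$")
# vino-server payload as it appears on the page: "DD/MM/YYYY HH:MM:SS   <hostname or IP>"
PAYLOAD = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\s+(?P<peer>\S+)$")


def tally_peers(lines):
    """Return (peer -> entry count, syslog second -> entry count)."""
    peers, per_second = Counter(), Counter()
    for line in lines:
        entry = ENTRY.match(line.rstrip())
        if not entry:
            continue  # not a vino-server line
        msg, weight = entry["msg"], 1
        repeat = REPEAT.match(msg)
        if repeat:
            # N collapsed duplicates, on top of the line logged just before them
            msg, weight = repeat["payload"], int(repeat["n"])
        payload = PAYLOAD.match(msg)
        if not payload:
            continue  # some other vino-server message
        peers[payload["peer"]] += weight
        per_second[entry["ts"]] += weight
    return peers, per_second


if __name__ == "__main__":
    peers, per_second = tally_peers(SAMPLE.splitlines())
    for peer, count in peers.most_common():
        print(f"{count:6d}  {peer}")
    print("busiest second:", per_second.most_common(1)[0])
```

To run it against the live log, pass `open("/var/log/syslog", errors="replace")` to `tally_peers` instead of the sample.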