Size of Aphlict logs on host aphlict1001.eqiad.wmnet has dramatically increased in the last couple of days:
root@aphlict1001:/# ls -lh var/log/aphlict/*
-rw-r--r-- 1 aphlict aphlict 11G Oct 19 11:57 var/log/aphlict/aphlict.log
-rw-r--r-- 1 aphlict aphlict 60M Oct 17 00:00 var/log/aphlict/aphlict.log.3.gz
-rw-r--r-- 1 aphlict aphlict 53M Oct 16 00:01 var/log/aphlict/aphlict.log.4.gz
-rw-r--r-- 1 aphlict aphlict 116M Oct 15 00:01 var/log/aphlict/aphlict.log.5.gz
-rw-r--r-- 1 aphlict aphlict 93M Oct 14 00:01 var/log/aphlict/aphlict.log.6.gz
-rw-r--r-- 1 aphlict aphlict 69M Oct 13 00:01 var/log/aphlict/aphlict.log.7.gz
-rw-r--r-- 1 aphlict aphlict 58M Oct 12 00:00 var/log/aphlict/aphlict.log.8.gz
Noticeably, a significant portion of the messages in the latest log come from user PHID-USER-2jawdezwv2ifbl2sgpfe:
jnuche@aphlict1001:~$ wc -l /var/log/aphlict/aphlict.log
74330212 /var/log/aphlict/aphlict.log
jnuche@aphlict1001:~$ grep -c 'PHID-USER-2jawdezwv2ifbl2sgpfe' /var/log/aphlict/aphlict.log
27362217
No sensitive data in this ticket, but tagged with "security" just in case this could be the symptom of some kind of attack.
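An added example, not part of the original ticket: the `wc -l` / `grep -c` check above generalized to rank every user PHID by its share of log lines in a single pass, so a dominant client stands out without knowing its PHID in advance. The function names, the threshold argument and the sample log lines are assumptions made for illustration; the real Aphlict log line format is not shown on this page.

```shell
# Added example (hypothetical helper names, not Aphlict tooling).
# top_phid_users FILE [MIN_PERCENT]
# Prints "LINES PERCENT PHID" for every user PHID that appears on at least
# MIN_PERCENT (default 10) of all lines in FILE, busiest first.
top_phid_users() {
    file=$1
    min_pct=${2:-10}
    awk -v min="$min_pct" '
        {
            total++
            # Attribute each line to the first user PHID found on it, which
            # matches how grep -c counts matching lines rather than matches.
            if (match($0, /PHID-USER-[a-z0-9]+/)) {
                count[substr($0, RSTART, RLENGTH)]++
            }
        }
        END {
            for (u in count) {
                pct = 100 * count[u] / total
                if (pct >= min) printf "%d %.1f %s\n", count[u], pct, u
            }
        }
    ' "$file" | sort -rn
}

# Constructed sample input: the line layout is invented, only the
# PHID-USER-... token shape follows the ticket.
make_sample_log() {
    sample_path=$(mktemp)
    cat > "$sample_path" <<'EOF'
[constructed] subscribe user=PHID-USER-aaaaaaaaaaaaaaaaaaaa
[constructed] subscribe user=PHID-USER-aaaaaaaaaaaaaaaaaaaa
[constructed] subscribe user=PHID-USER-bbbbbbbbbbbbbbbbbbbb
[constructed] server heartbeat
[constructed] subscribe user=PHID-USER-aaaaaaaaaaaaaaaaaaaa
EOF
    echo "$sample_path"
}

demo_log=$(make_sample_log)
top_phid_users "$demo_log" 30   # prints: 3 60.0 PHID-USER-aaaaaaaaaaaaaaaaaaaa
rm -f "$demo_log"
```

Rotated archives can be checked the same way by decompressing to a temporary file first, which shows whether the same PHID was already dominant before the size jump.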