Syslog 44gb with repeating error

cbc02009 · May 31, 2017

I have an ubuntu box that I use as a NAS and a plex server. Ubuntu is stored on a separate smaller SSD, and I access the desktop from my other PC using TigerVNC to update the system and make changes.

I logged on this morning to find that the OS ssd was out of space, and the offending file was the syslog at 44gb in size. I tried googling what the error was, but I can't find any info on it. All of the IP addresses in the errors are Russian or Eastern European, so I'm thinking my box might have been compromised? Here are examples of the lines is syslog, any help would be greatly appreciated.

May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM ec2-34-209-20-162.us-west-2.compute.amazonaws.com
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.241
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.243
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.244
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.10
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.242
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 91.195.103.155
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.11
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 31.44.191.110
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 31.44.191.107
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.8
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.9
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.241
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.243
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.244
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.12
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.7
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.13
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 139.60.160.242
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 134.213.222.59
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM delta.ip-colo.net
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 91.195.103.155
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 31.44.191.107
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 31.44.191.110
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM 77.72.82.10
May 31 12:41:39 Sakura vino-server.desktop[3348]: 31/05/2017 12:41:39 PM unknown.static.123.net

Dudefoxlive · May 31, 2017

This is interesting. I have never seen a log file that is 44GB in size. try running malwarebytes and a few antiviruses and look through your system head to toe for anything that you did not do. it could be a program that you have installed on the computer that is contacting those IP's but we cant know for sure.