One night in the 90s I woke up at 1am because the server next to my bed started making a lot of noise! I quickly login and see a process by user "nobody" taking up 100% cpu! I'm being hacked! Quickly pull the network cable out of the wall, wide awake.
Turns out there is a cron job that updates the locate command's index.
At a web startup I worked at in 2008, we had some automated emails sent to all our users. We didn't have sendmail or postfix or whatever properly configured and so the emails came from nobody@ourdomain.com. Our CEO was pissed because he didn't understand that it wasn't like some intentional joke by our engineering team.
My first real job was to work with another intern to write a “tool to keep track of who’s been trained on what” since they were doing it with a spreadsheet. This was in 2001.
We wrote it on the LAMP stack which gave us the full suite of whatever you could find on a Linux CD at the time.
Fancy graphs? No problem.
Send reminder emails? Sure boss! We dutifully started hacking and testing and hacking to get that function in.
To test, we decided to send emails to jackfrost, santa, and so on from our own sendmail server to the corporate mail server. It worked fine because we weren’t spamming it, we were just sending a few messages every now and then as we debugged.
Turns out there’s really a Jack Frost that worked for us.
He was not pleased.
We were amused.
I think we apologized, and I forget how we figured out he was a real person.
The problem was that I only had mechanical hard drives back then and they would spin up all the time and make noise.
In 2001 I started to systematically search for the causes of the disk noises and document it at
https://www.agol.dk/quietlinux/
E.g., I spent a lot of time finding out that CUPS was generating a new certificate every 5 minutes. Nowadays it is a lot easier to investigate things like that. Back then I was patching the kernel.
I, too, got bothered by fan noise at night, and my server was being hacked.
Well. Hacked as in someone banging their password list against an SSH server that only accepts public key logins, at maximum speed with tens of simultaneous connections, pegging the CPU (and I was running junk hardware, I found that 800MHz Intel Coppermine CPU literally from a mixed waste trash bin). Usually the scripts doing this had the decency to keep the attempts to something like 1 per second which would be unnoticeable.
I remember mine (a Pentium 2 with a SCSI disk) would go off at 6 AM, just as I was about to fall asleep (aah that student life). One day I had an aha moment, that I could change the cron timer to make it run at 9am.
Turns out there is a cron job that updates the locate command's index.