Rootdisk full but can't find why

Hi,

My root-disk shows as 99% full. I found out my log file was 43 GB big, so I deleted obsolte logs clearing over 40 GB in data (must enable logrotation ;o). But after that it still shows 99% full

[xxx /]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos_37–97–189–250-root 50G 50G 6.8M 100% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 8.5M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/vda1 497M 236M 262M 48% /boot
/dev/mapper/centos_37–97–189–250-home 246G 18G 229G 8% /home
tmpfs 783M 0 783M 0% /run/user/1000
tmpfs 783M 0 783M 0% /run/user/525
tmpfs 783M 0 783M 0% /run/user/0

But when I try to find the big directories it doesn’t return anything out of the ordinary:
[**1 /]# du --max-depth=1 -m -x -h /
44M /etc
7.0M /root
12K /tmp
9.8G /var
2.0G /usr
0 /media
0 /mnt
0 /opt
0 /srv
416K /backups
12G /

Any advice is appreciated!

Hi,

I would suggest starting to check the “home” directories for domains you control. If any of them are running “Joomla”, “WordPress”, “Drupal” or other open source software, it’s quite possible one of them were hacked and the hacker is injecting useless files into the filesystem.

If you require assistance investigating the matter, feel free to fire me an email or post further details here.