I am running Ubuntu 14.04 server with ISPConfig installed and etc.
Latest I saw a suspicious home directory named ub. It has some encrypted files in it. Also I found /run/shm/ecryptfs-ub-Private is owned by this user.
I changed password of the user and ssh login to the account. Just saw encrypted files. Later on I deleted the user ub and group ub. But I am not sure if I have done the right thing.
Does it might be a auto generated user and group by some services? Or is it really suspicious?
I did not see any processes run by this user by top command.
