more is a legitimate program (it reads a file and writes it out one page at a time), if it is the real more
. It is a memory hog in that (unlike the more advanced pager less
) it reads the entire file into memory.
I did an experiment to see if I could get the real more
to show similar fds to you. I piped yes "" | head -n10000 >/tmp/test
, then ran more < /tmp/test 2>/dev/null
. Then I ran ls -l /proc/`pidof more`/fd
.
Results:
lr-x------ 1 andrew andrew 64 Nov 5 14:56 0 -> /tmp/test
lrwx------ 1 andrew andrew 64 Nov 5 14:56 1 -> /dev/pts/2
l-wx------ 1 andrew andrew 64 Nov 5 14:56 2 -> /dev/null
lrwx------ 1 andrew andrew 64 Nov 5 14:56 3 -> 'anon_inode:[signalfd]'
I think this suggests your open files are probably consistent with the real more
when errors are piped to /dev/null
. Most likely, you were running something that called more to output something to you (or someone else logged in on a PTY) that had been written to /tmp/RG3tBlTNF8
. Next time, you could find the parent of the more process, or look up what else is attached to the same PTS
with the fuser
command.
Probably more likely they dial more calls than they can scam on the basis that a silent hang up call costs them only the cost of connecting the call, but their scammer’s wages cost them more if not enough people answer and there is no one for the scammer to speak to.
It’s essentially putting the cost of uncertain numbers of people answering onto the victims rather than the scammer - selfish, but so is scamming people!
Telemarketers do the same thing, although at least they often have to fear their local regulators in many countries if they do it too much, while scammers are criminals who are going to break the law anyway, so I suspect most silent calls are probably scammers.