Open jdevpark opened 2 years ago
99.9% yes, it's an xmr-miner. Update to the latest 14.6.3 and see if it's persistent.
Note: As reported in #2447 and #2448, it is a vulnerability of GitLab itself (remote code execution: CVE-2021-22205). It is fixed in 13.10.3, 13.9.6, and 13.8.8 or later releases. See the release notes at https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released
For the sameersbn/gitlab image, only 13.10.3 is available.
Additional note: DO NOT upgrade to 14.2.x or later directly. You must relay several versions and complete the batched migration. More detail: https://docs.gitlab.com/ee/update/#version-specific-upgrading-instructions
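The fixed releases listed in the note above can be turned into a quick check on an image tag. This is an added example, not code from the thread or the project: `parse_tag` and `has_fix` are hypothetical helpers, the sample tags are constructed, and the check only compares against the three fixed releases named above (it does not determine the earliest affected version).

```python
import re

# Fixed releases for CVE-2021-22205 as listed in the note above:
# 13.8.8, 13.9.6 and 13.10.3 (or later releases).
FIXED_PATCH = {(13, 8): 8, (13, 9): 6, (13, 10): 3}
NEWEST_FIXED_LINE = max(FIXED_PATCH)  # (13, 10)


def parse_tag(image_ref):
    """Return (major, minor, patch) from 'repo/image:x.y.z' or a bare 'x.y.z'."""
    tag = image_ref.rsplit(":", 1)[-1]
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", tag)
    if not match:
        # Tags such as 'latest' carry no version and cannot be assessed here.
        raise ValueError(f"no x.y.z version in {image_ref!r}")
    return tuple(int(part) for part in match.groups())


def has_fix(image_ref):
    """True if the tag is at or above a fixed release from the note."""
    major, minor, patch = parse_tag(image_ref)
    line = (major, minor)
    if line in FIXED_PATCH:
        # Within a patched release line, compare the patch number.
        return patch >= FIXED_PATCH[line]
    # Lines newer than 13.10 are "later releases"; lines older than 13.8
    # have no fixed release in the note, so they are reported as unfixed.
    return line > NEWEST_FIXED_LINE


if __name__ == "__main__":
    # Constructed sample tags; 12.9.2 and 14.6.3 are the versions
    # mentioned in this thread.
    for ref in ("sameersbn/gitlab:12.9.2", "sameersbn/gitlab:13.9.5",
                "sameersbn/gitlab:13.10.3", "sameersbn/gitlab:14.6.3"):
        status = "has fix" if has_fix(ref) else "NO fix listed"
        print(f"{ref}: {status}")
```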
We have received a call from the server security team. A large amount of traffic is occurring with Chinese IP.
I immediately connected to the server and checked. The "diofiglos" process was running. Network traffic is 500 Mbps/s, 99% CPU usage.
I went into the "sameersbn/gitlab:12.9.2" container and checked it.
I typed the top command. The "diofiglos" process is running.
I ran the "docker-compose down" command. The "diofiglos" process was killed.
What is this? Does anyone have the same symptoms?