[SAC] High load "geotools" job on osgeo6: cryptonight at work
Markus Neteler
neteler at osgeo.org
Sun Sep 16 07:32:10 PDT 2018
Hi SAC,
I just discovered:
on osgeo6 the cryptominer "j" running as "geotools" user is back :-(
Tasks: 522 total, 1 running, 520 sleeping, 1 stopped, 0 zombie
%Cpu(s): 50.3 us, 0.1 sy, 0.0 ni, 49.6 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 13193000+total, 13111448+used, 815528 free, 8140 buffers
KiB Swap: 15622140 total, 18180 used, 15603960 free. 11951499+cached Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2845 geotools 20 0 1219628 25032 2048 S 1200 0.0 100848:13 j
... stealing some of our resources.
It has been running since:
root@osgeo6:~# ps -p 2845 -o pid,lstart,comm,cmd
PID STARTED COMMAND CMD
2845 Mon Sep 10 11:11:51 2018 j [ksoftirqd]
Clearly, "geotools" was connected at that time, for 3 seconds:
root@osgeo6:~# last
...
root pts/0 ............. Thu Sep 13 13:33 - 13:34 (00:00)
jmckenna pts/0 ............. Tue Sep 11 05:37 - 20:25 (14:48)
jmckenna pts/0 ............. Mon Sep 10 11:15 - 13:27 (02:11)
geotools pts/0 104.239.230.121 Mon Sep 10 11:09 - 11:12 (00:03)
root pts/0 ............... Mon Sep 10 11:07 - 11:08 (00:00)
I suggest that we put stronger measures in place this time:
Can we now agree that a password reset may be a good idea? Or, ssh key only.
Markus
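
An added example, not part of the original message: the `ps` output above shows a process whose `comm` is "j" but whose command line reads "[ksoftirqd]", i.e. a userland process dressed up as a kernel thread. The sketch below flags such processes in `ps -eo pid,ppid,user,comm,args` output. The sample input is constructed; only PID 2845, the user "geotools", "j" and "[ksoftirqd]" come from the message, and the PPID values are assumptions.

```python
import re

# Constructed sample of `ps -eo pid,ppid,user,comm,args` output.
# The 2845 row mirrors the message; its PPID (1) is an assumption.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND         COMMAND
    2     0 root     kthreadd        [kthreadd]
    9     2 root     ksoftirqd/0     [ksoftirqd/0]
  812     1 root     sshd            /usr/sbin/sshd -D
 2845     1 geotools j               [ksoftirqd]
"""

# ps prints kernel threads as "[name]" because they have no command line.
KTHREAD_ARGS = re.compile(r"^\[(.+)\]$")


def find_fake_kernel_threads(ps_text):
    """Return (pid, user, comm, reasons) for processes that display a
    bracketed kernel-thread style command line but are not kernel threads.
    Assumes comm contains no whitespace (true for kernel thread names)."""
    findings = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 4)
        if len(fields) < 5:
            continue
        pid, ppid, user, comm, args = fields
        match = KTHREAD_ARGS.match(args.strip())
        if not match:
            continue  # ordinary userland command line
        reasons = []
        # Real kernel threads are kthreadd (PID 2) or its children.
        if pid != "2" and ppid != "2":
            reasons.append("parent is not kthreadd (PID 2)")
        if user != "root":
            reasons.append(f"owned by {user}, not root")
        # comm may be truncated, so compare as a prefix of the shown name.
        if not match.group(1).startswith(comm):
            reasons.append(f"comm {comm!r} does not match {args.strip()}")
        if reasons:
            findings.append((int(pid), user, comm, reasons))
    return findings


if __name__ == "__main__":
    for pid, user, comm, reasons in find_fake_kernel_threads(SAMPLE_PS):
        print(pid, user, comm, "; ".join(reasons))
```

On a live host the same function can be fed the real output of `ps -eo pid,ppid,user,comm,args`.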