Thank you for the report.
Hello!
I am doing further investigation, but as far as I can see:
PostgreSQL is being used as a gateway for crypto miners.
The remote code is injected somewhere without direct access to the database.
Because the port is not allowed by the firewall.
How do I know that's coming from PostgreSQL?
docker exec -it pg_root_db_1 /bin/bash
/var/lib/postgresql
.systemd-private
file
I entered into the bash using:
docker exec -it pg_root_db_1 /bin/bash
changed the owner of
/tmp/.X11-unix/
directory to root.
This stopped the pgminer.
After these events, I updated the Nocodb image.
Since then, there has been no activity.
Related documentation:
CVE-2019-9193: Not a Security Vulnerability
PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL
I will update
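An added example, not part of the original post or of the NocoDB project: a shell function that checks a PostgreSQL container's filesystem for the two artifacts the post names, the `.systemd-private` entry under `/var/lib/postgresql` and a `/tmp/.X11-unix/` directory that is not owned by root. The function name, the `EXPECTED_UID` parameter and the regular-file check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): look for the artifacts the post names.
# Usage: scan_pg_artifacts [ROOT] [EXPECTED_UID]
#   ROOT          filesystem root to inspect; "/" when run inside the container
#   EXPECTED_UID  numeric owner expected for /tmp/.X11-unix (default 0 = root)
# Returns 0 when nothing is found, 1 otherwise; the count is left in $findings.
scan_pg_artifacts() {
    root="${1:-/}"
    root="${root%/}"            # "/" becomes "", so the paths below stay absolute
    expected_uid="${2:-0}"
    findings=0

    # 1. The ".systemd-private" entry reported under the postgres home directory.
    for f in "$root"/var/lib/postgresql/.systemd-private*; do
        [ -e "$f" ] || continue          # an unmatched glob stays literal; skip it
        echo "FOUND: $f"
        findings=$((findings + 1))
    done

    xdir="$root/tmp/.X11-unix"
    if [ -d "$xdir" ]; then
        # 2. The post's fix was to chown this directory to root, so flag any
        #    other owner. -prune keeps find from descending into the directory.
        if [ -n "$(find "$xdir" -prune ! -user "$expected_uid")" ]; then
            echo "FOUND: $xdir is not owned by uid $expected_uid"
            findings=$((findings + 1))
        fi
        # 3. Assumption of this example: the directory should hold only X
        #    sockets, so any regular file inside it is reported.
        files=$(find "$xdir" -type f)
        if [ -n "$files" ]; then
            echo "FOUND: regular files in $xdir:"
            echo "$files"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}
```

Inside the container (for example after the `docker exec` shown in the post), call `scan_pg_artifacts /`; against an exported copy of the container filesystem, pass its directory as `ROOT`.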