xmrig running - hacked or open?


Hi,

I noticed CPU activity at 100% this morning and "xmrig" was running. A quick search shows there are a couple of other threads about this happening to others who have opened some of their ports.

I've had a reverse proxy set up for a good while, but I don't think I have any ports open directly to the server.

I've attached my diagnosis file; if anyone can see anything suspicious, that would be much appreciated.

ridcully-diagnostics-20210312-0812.zip


    1    HTTP           80       85       192.168.0.5
    2    Letsencrypt    443      448      192.168.0.5
    3    Usenet         8888     8888     192.168.0.5
    4    Wireguard      51820    51820    192.168.0.5

These are the port forwarding rules I have.

The miner was running under the user "nobody" which I use for applications.
