Crontab 100% cpu load #838
-
LordRalex wrote at Aug 22 2018 13:16:02 UTC: We do not do anything with cron. This sounds like someone put a malicious file in place. What is in var/tmp/crontab-flush? I bet it's a CPU miner, I've seen it happen before.
-
LordRalex wrote at Aug 22 2018 13:16:02 UTC: To expand on my previous answer: While pufferd does run as its own user, no server is run in a container unless explicitly defined to do so (docker templates). This means that any server that you run can have access to the underlying machine. However, it is run as a user who does not have root access. What it seems like happened is you had a server which chose to place a file into /var/tmp (which anyone can read/write from) and install some script which probably is a CPU miner.
-
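A check for the situation described in the answer above, added here as an example and not code from pufferd or from anyone in this thread: it parses a user crontab and flags jobs that execute from world-writable directories. It assumes the job sits in the pufferd user's own crontab (the text you would get from `crontab -l -u pufferd`); the sample crontab is constructed, and `/tmp` and `/dev/shm` are included as a generalization beyond the `/var/tmp` case mentioned here.

```python
import re

# World-writable locations; /var/tmp is the one from this thread,
# /tmp and /dev/shm are added here as a generalization.
WORLD_WRITABLE = ("/var/tmp/", "/tmp/", "/dev/shm/")
NICKNAMES = {"@reboot", "@yearly", "@annually", "@monthly",
             "@weekly", "@daily", "@midnight", "@hourly"}
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def split_entry(line):
    """Return (schedule, command) for a user-crontab job line, else None."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None  # blank line, comment, or VAR=value assignment
    parts = line.split(None, 1)
    if parts[0].lower() in NICKNAMES:
        return (parts[0], parts[1]) if len(parts) == 2 else None
    fields = line.split(None, 5)  # five time fields, then the command
    if len(fields) < 6:
        return None
    return " ".join(fields[:5]), fields[5]

def suspicious_jobs(crontab_text):
    """List (schedule, command, path) for jobs touching world-writable dirs."""
    hits = []
    for line in crontab_text.splitlines():
        entry = split_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        # Split on shell separators and quotes so quoted paths are seen too.
        for token in re.split(r"[\s;|&<>()\"'`]+", command):
            if token.startswith(WORLD_WRITABLE):
                hits.append((schedule, command, token))
                break
    return hits

# Constructed sample of what `crontab -l -u pufferd` might print.
SAMPLE = """\
# constructed example crontab
MAILTO=""
0 4 * * * /usr/bin/find /srv/backups -mtime +7 -delete
*/5 * * * * /var/tmp/crontab-flush >/dev/null 2>&1
@reboot sh -c '/var/tmp/crontab-flush &'
"""

if __name__ == "__main__":
    for schedule, command, path in suspicious_jobs(SAMPLE):
        print(f"[!] {schedule}: {command}  (runs from {path})")
```

Stopping the service does not remove such an entry, because cron keeps running the job independently of the daemon that was used to install it.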
Slaand wrote at Aug 22 2018 13:16:02 UTC: Thank you for the answer. So yes, this is a CPU miner, and it is from a plugin for a Minecraft server. It was very strange to me that the miner was launched from the pufferd user; honestly, I did not expect this.
-
LordRalex wrote at Aug 22 2018 13:16:02 UTC: We do not run servers under their own user as there is no security in doing so. It also requires the daemon to run as root, which is not something we want to do (and would open up more attack vectors). This is why it's seen as running as pufferd.
-
Slaand wrote at Aug 22 2018 13:16:02 UTC:
Hello, pufferd has been causing a lot of CPU load (1 core is fully loaded) since today.
And I have found that stuff was added as a crontab task. How and why?
Even after stopping the service, it still causes the same load.
Can someone explain what it is?