Re: Compromised postgresql instances
| От | Andrew Dunstan |
|---|---|
| Тема | Re: Compromised postgresql instances |
| Дата | |
| Msg-id | 413b9446-dab6-66ac-9e57-d1740f6e6c42@2ndQuadrant.com обсуждение исходный текст |
| Ответ на | Re: Compromised postgresql instances (Steve Atkins <steve@blighty.com>) |
| Список | pgsql-hackers |
On 06/08/2018 04:54 PM, Steve Atkins wrote: >> On Jun 8, 2018, at 1:47 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> >> Andrew Dunstan <andrew.dunstan@2ndquadrant.com> writes: >>> On 06/08/2018 04:34 PM, Steve Atkins wrote: >>>> I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the internetwith insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries beinguploaded to the data directory and executed with the permissions of the postgresql user, apparently via an extensionor an untrusted PL. >>>> >>>> Is anyone tracking or investigating this? >>> Please cite actual instances of such reports. Vague queries like this >>> help nobody. >> I imagine Steve is reacting to this report from today: >> https://www.postgresql.org/message-id/CANozSKLGgWDpzfua2L=OGFN=Dg3Po98UjqJJ18gBVFR1-yK5+A@mail.gmail.com >> >> I recall something similar being reported a few weeks ago, > https://www.postgresql.org/message-id/020901d3f14c%24512a46d0%24f37ed470%24%40gmail.com OK, those appeared on other mailing lists I don't subscribe to, so I was missing context. cheers andrew -- Andrew Dunstan https://www.2ndQuadrant.com PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: