Re: Compromised postgresql instances

On 06/08/2018 04:34 PM, Steve Atkins wrote:
> I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the
internetwith insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries
beinguploaded to the data directory and executed with the permissions of the postgresql user, apparently via an
extensionor an untrusted PL.
 
>
> Is anyone tracking or investigating this?
>



Please cite actual instances of such reports. Vague queries like this 
help nobody.

Furthermore, security concerns are best addressed to the security 
mailing list.

cheers

andrew

-- 
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services