A lot of tracepath commands of postgres user [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Why does the postgres user generate over 1000 processes of the tracepath command?
And this uses a lot of CPU resources - up to 40% usage of my process core.
My application on ASP.NET Core 3.1 and the PostgreSQL v10 server are on one VPS server.
The application uses host 127.0.0.1 to connect to the PostgreSQL server.
And what is this command doing?
htop output:
UPD: 21.01.2010
I have detected a massive DDoS attack on my server. Attackers used root and other names that I don’t have.
I installed fail2ban and after 1-2 hours I saw this:
And the count of bans is growing...
UPD: 22.01.2020
I have another problem: phantom processes are being created under the postgresql username. They are using all my CPU and RAM...

I don't think you are under DDOS. You have been hacked, and maybe are now being used to commit DDOS against other people. They have dropped a shell launcher which lets them connect to postgresql and then call a function which launches any arbitrary shell script they want.
You said "The application uses host 127.0.0.1 to connect to the PostgreSQL server", but what is the attacker using? Is anyone other than 127.0.0.1 allowed to connect?
"I installed fail2ban and after 1-2 hours I saw this:"
Any server open on port 22 and running fail2ban is going to build a list of banned IP. You didn't notice it before because you weren't running fail2ban before. It is unlikely this has anything to do with anything else you are seeing. Attacks on 22 are so ubiquitous that logging them is probably not useful.
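
The answer's question about who besides 127.0.0.1 is allowed to connect can be checked against pg_hba.conf. The following is an added example, not code from the original posts: the function name `remote_rules` is hypothetical and the sample file content is constructed.

```python
import ipaddress

# Constructed sample pg_hba.conf content (not taken from the asker's server).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS                  METHOD
local    all       postgres                           peer
host     all       all       127.0.0.1/32             md5
host     all       all       ::1/128                  md5
host     all       all       0.0.0.0/0                trust
hostssl  app       app       10.0.0.0 255.255.255.0   md5
host     all       all       samehost                 md5
host     all       all       all                      md5
"""

LOOPBACK = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))

def remote_rules(hba_text):
    """Return (line_no, address, method) for each rule that admits TCP
    clients from anywhere other than the database host itself."""
    findings = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # simplification: ignores quoted '#'
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue        # blank, comment, or unix-socket ("local") rule
        addr = fields[3]
        if addr == "samehost":
            continue        # matches only the server's own addresses
        try:
            if "/" in addr:                      # CIDR form
                net, method = ipaddress.ip_network(addr, strict=False), fields[4]
            else:                                # "address netmask" in two columns
                net = ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False)
                method = fields[5]
        except (ValueError, IndexError):
            # hostname, "all" or "samenet": cannot be shown to be local-only
            findings.append((no, addr, fields[4]))
            continue
        if not any(net.version == lb.version and net.subnet_of(lb) for lb in LOOPBACK):
            findings.append((no, str(net), method))
    return findings

if __name__ == "__main__":
    for no, addr, method in remote_rules(SAMPLE_HBA):
        note = "  <-- no password required" if method == "trust" else ""
        print(f"line {no}: {addr} via {method}{note}")
```

Run it on the text of the server's real pg_hba.conf, and check `listen_addresses` in postgresql.conf as well, since pg_hba.conf rules only matter on interfaces the server actually listens on.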

Related

Full CPU and Memory hijacking virus attack [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 2 days ago.
I am experiencing a serious issue with my server system. It appears to be under continuous attack by a virus or similar malicious program. I am hoping that someone can offer advice on how to resolve this issue.
The following are the symptoms of the attack:
All CPUs and Memory are being used at 100% capacity by programs that are running from the root user account. These programs have names like "/8912348071fc".
Anydesk is getting installed and running on the server, even though we have uninstalled it many times. It keeps reappearing.
A background search code is running that is trying to find files containing passwords in VNC directories. The code is running with the following command:
/bin/sh -c -ls -a /*/*/*/*/.vnc/*passwd*
We have tried different measures to remove the malicious programs, but nothing seems to work. We need to remove these malicious programs from our server system.
OS: CentOS7
We tried till now:
Stopping the program by killing it
Disable and uninstall (yum remove) anydesk
Stopping malicious unknown program running from root like that

How can I port forward without access to my router? [closed]

Closed 1 year ago.
I have a small django project running on my Ubuntu laptop; I am developing it with a friend. Since we live in different states I want him to be able to interact with my website outside my network since he's going to be helping me evaluate it on a daily or weekly basis.
I currently have a working apache2 server running my django website. I can't port forward because the internet in my campus apartment is managed by the building admin. It's nothing fancy, really, it's just a standard Spectrum router.
Is there a way I can port forward using only my Ubuntu Laptop?
I read this on quora:
https://www.quora.com/How-can-I-port-forward-in-Debian-based-Linux-without-router-or-using-cellular-data-or-portable-mobile-WiFi
And by the looks of it, this seems to be at the OS level? Is that enough?
Also, would I be able to use this method on any standard network I connect to, like my grandma's?
Any guidance is appreciated
I'm sorry if I am not understanding correctly: you have internet access but not admin control of the router? You could still port traffic to your Apache server, but network firewalls would probably stop you on that one.
I would highly recommend Google Colab. I think it would be your best choice, as you could sync your hard drive's source to Google Colab for your buddy to check in on your coding...

Configure iscsiadm to fall back to another iSCSI portal if one is down [closed]

Closed 1 year ago.
Let's say I have a 100G disk which I want to expose as an iSCSI target, and I have configured 2 iSCSI portals (IP1, IP2) which can be used to access the iSCSI target.
Note: I have used more than one portal for my high-availability use cases.
Let's say, from the host, I have used IP1 for the login to the iSCSI target and am able to connect to the target successfully. After some time, say, for some reason IP1 is down. Is there a config/way to tell iscsiadm to fall back to IP2 for connecting to the iSCSI target?
As stark says in the comments above, the answer is to use dm-multipath. There are numerous articles on how to set this up, but the short answer is that it'll likely "just work".
First, install multipathd on your system. Then, when you use iscsiadm in discovery mode, so long as your iSCSI target reports both portals, Linux is going to connect to both portals. You'll get two block devices, both with the same SCSI WWN. Multipathd wakes up, sees the two devices with the same WWN, and bundles them into a /dev/dm-X device for your use. From that point forward, multipathd manages the paths according to how you've configured its policy. The default may be fine for your use.
The key point here is that iscsiadm and iSCSI are kind of "out of the way". You'll have a session for each path. The sessions may come and go. DM-Multipath manages which sessions are involved in providing access to your LUN.

Is AWS EC2 Ubuntu Instance protected by SSH Key secure enough? [closed]

Closed 7 years ago.
I have an AWS EC2 Ubuntu instance protected by an SSH key. I was thinking it is secure enough, but I have received an email from Amazon telling me that my instance has been hacked and used for port scanning.
I do not have a reason not to believe the Amazon security team, but I do not understand how it is possible. I only use the SSH key to log in to the instance, the key has not been exposed to the world, and it is only being used from my home computer.
Are there some security holes in Ubuntu I am not aware of? Is an SSH key secure enough?
The Instance uses default 64-bit Ubuntu image, provided by AWS. It does not host any web pages.
The default Ubuntu image only allows login using SSH keys and prohibits password-based logins. Unless you have changed this configuration, it is very unlikely someone got in through SSH.
While unknown vulnerabilities in Ubuntu most certainly exist, their value is very high and it is extremely unlikely that someone will waste potentially millions of dollars worth of vulnerabilities to take over your particular server.
The most likely explanation is that you are running some piece of software (most likely a web application) which is vulnerable and were compromised through it.

TLS to secure external client server application [closed]

Closed 8 years ago.
Is it possible to use transaction layer security (TLS) to secure an external client/server application without modifying the code of the application itself?
Say a client application on a machine connects to several servers on several machines over an unsecured connection. I want to encrypt this connection using OpenSSL/TLS, but I can't modify either the client or the servers, only the machine configurations (Linux OS running underneath). I just found stunnel, but it seems that it only supports a 1:1 connection.
Thanks in advance.
If you have a finite (and reasonably small) number of servers and you can configure the port number on your client for each connection, you could run stunnel on multiple ports, each one corresponding to a different destination.
However, it sounds like setting up a VPN between all these machines would be a better option. Some VPN implementations rely on TLS, but I'm not sure it would be the best choice here. You might want to investigate other methods, such as IPSec too.
