MattJ | morning | 08:39 |
---|---|---|
luna | morning | 08:45 |
zxm-pi_ | allo allo | 08:49 |
MattJ | Ok... I've been receiving frequent automated email alerts about someone's server that I help maintain some services on. The alerts have been happening for a couple of months, but within a minute or so of the alert I get another "resolved" one | 09:00 |
MattJ | I've been working on other stuff, so I ignored them (for too long). Finally I contacted the server owner and asked if they knew what was going on | 09:00 |
MattJ | They said no, but they'd be happy if I could look into it | 09:01 |
MattJ | I log in, and there's a cryptocurrency minor using 1150% CPU | 09:02 |
MattJ | *miner | 09:02 |
MattJ | Assuming the machine had been compromised, I told them... but yes, they installed it themselves, and yes, it coincided with the alerts starting | 09:03 |
zxm-pi_ | did you remove it or leave it? | 09:06 |
MattJ | Left it, it's their server :) | 09:09 |
MattJ | But now I can send the alerts to /dev/null with a clear conscience | 09:09 |
zxm-pi_ | and an email saying this in case some other behaviour tries to send similar alerts? | 09:17 |
daftykins | morn | 09:51 |
daftykins | cor crypto eh, nasty | 09:51 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!