Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2018/08/25 22:30:00 UTC

[jira] [Resolved] (SOLR-12700) solr user used for crypto mining hack

     [ https://issues.apache.org/jira/browse/SOLR-12700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl resolved SOLR-12700.
--------------------------------
    Resolution: Invalid

Please ask questions like this on the solr-user mailing list, not in JIRA.

There is nothing in the information provided that gives any clue that Solr would be the reason for your issues. However, there have been a number of security issues patched in recent versions of Solr. Stating 6.6 as your version does not tell us what bugfix release you are on, so you could still be vulnerable to some of these that were fixed in 6.6.4 or 6.6.5.

I'm closing this issue as invalid. Your next steps could be:
 # Send an email to the solr-user list ([http://lucene.apache.org/solr/community.html#mailing-lists-irc]) asking for advice. You should include many more details, suspicious logs, etc., when you send that email.
 # Seek professional guidance to clean your servers or start with clean servers to make sure no malware remains. The OS, Java etc. should of course also be fully patched.
 # Upgrade to the newest Solr release (either latest 7.x or latest 6.6.x) which plugs some known weaknesses in various request handlers which COULD potentially be ways to break into a system. See [https://lucene.apache.org/solr/7_4_0/changes/Changes.html] for details.
 # Make sure that Solr is NEVER exposed to an insecure network; it should always be behind firewalls, open only to your app servers.
 # I'm sure you may get more advice on the user's mailing list.

Please do not continue discussion in this Jira issue. Only if/when a NEW code issue has been identified in Solr after the mailing list discussion, should you file a new bug report here.

> solr user used for crypto mining hack
> -------------------------------------
>
>                 Key: SOLR-12700
>                 URL: https://issues.apache.org/jira/browse/SOLR-12700
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 6.6
>         Environment: Ubuntu running Solr 6.6
>            Reporter: Robert Gillen
>            Priority: Major
>
> I am struggling to fight an attack where the solr user is being used to create files used for mining cryptocurrencies. The files are being created in the /var/tmp and /tmp folders.
> It will use 100% of the CPU. 
> I am looking for help in stopping these attacks.
> All files are created under the solr user.
> Any help would be greatly appreciated.


