Re: Compromised postgresql instances

From Andrew Dunstan
Subject Re: Compromised postgresql instances
Date
Msg-id 413b9446-dab6-66ac-9e57-d1740f6e6c42@2ndQuadrant.com
In response to Re: Compromised postgresql instances  (Steve Atkins <steve@blighty.com>)
List pgsql-hackers

On 06/08/2018 04:54 PM, Steve Atkins wrote:
>> On Jun 8, 2018, at 1:47 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>
>> Andrew Dunstan <andrew.dunstan@2ndquadrant.com> writes:
>>> On 06/08/2018 04:34 PM, Steve Atkins wrote:
>>>> I've noticed a steady trickle of reports of postgresql servers being
>>>> compromised via being left available to the internet with insecure or
>>>> default configuration, or brute-forced credentials. The symptoms are
>>>> randomly named binaries being uploaded to the data directory and
>>>> executed with the permissions of the postgresql user, apparently via
>>>> an extension or an untrusted PL.
>>>>
>>>> Is anyone tracking or investigating this?
>>> Please cite actual instances of such reports. Vague queries like this
>>> help nobody.
>> I imagine Steve is reacting to this report from today:
>> https://www.postgresql.org/message-id/CANozSKLGgWDpzfua2L=OGFN=Dg3Po98UjqJJ18gBVFR1-yK5+A@mail.gmail.com
>>
>> I recall something similar being reported a few weeks ago,
> https://www.postgresql.org/message-id/020901d3f14c%24512a46d0%24f37ed470%24%40gmail.com


OK, those appeared on other mailing lists I don't subscribe to, so I was 
missing context.


cheers

andrew




-- 
Andrew Dunstan                https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


