[ 
https://issues.apache.org/jira/browse/SOLR-12700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl resolved SOLR-12700.
--------------------------------
    Resolution: Invalid

Please ask questions like this on the solr-user mailing list, not in JIRA.

There is nothing in the information provided that gives any clue that Solr 
would be the reason for your issues. However, there have been a number of 
security issues patched in recent versions of Solr. Stating 6.6 as your version 
does not tell us what bugfix release you are on, so you could still be 
vulnerable to some of these that were fixed in 6.6.4 or 6.6.5.

I'm closing this issue as invalid. Your next steps could be
 # Send an email to the solr-user list 
([http://lucene.apache.org/solr/community.html#mailing-lists-irc]) asking for 
advice. You should include many more details, suspicious logs etc. when you send 
that email.
 # Seek professional guidance to clean your servers or start with clean servers 
to make sure no malware remains. The OS, Java etc should of course also be 
fully patched.
 # Upgrade to the newest Solr release (either latest 7.x or latest 6.6.x) which 
plugs some known weaknesses in various request handlers which COULD potentially 
be ways to break into a system. See 
[https://lucene.apache.org/solr/7_4_0/changes/Changes.html] for details.
 # Make sure that Solr is NEVER exposed to an insecure network, it should 
always be behind firewalls, open only to your app servers.
 # I'm sure you may get more advice on the user's mailing list

Please do not continue discussion in this Jira issue. Only if/when a NEW code 
issue has been identified in Solr after the mailing list discussion, should you 
file a new bug report here.

> solr user used for crypto mining hack
> -------------------------------------
>
>                 Key: SOLR-12700
>                 URL: https://issues.apache.org/jira/browse/SOLR-12700
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 6.6
>         Environment: Ubuntu running Solr 6.6
>            Reporter: Robert Gillen
>            Priority: Major
>
> I am struggling to fight an attack where the solr user is being used to create 
> files used for mining cryptocurrencies. The files are being created in the 
> /var/tmp and /tmp folders.
> It will use 100% of the CPU. 
> I am looking for help in stopping these attacks.
> All files are created under the solr user.
> Any help would be greatly appreciated.



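The reply above asks for many more details before the mailing list can help. As an added example (not part of the JIRA thread or of Solr), the script below collects two of them for the symptoms the reporter describes: the files a service account owns in the temp directories, and that account's processes running from those directories. Function names are hypothetical, and GNU find, stat and sha256sum are assumed.

```shell
#!/bin/sh
# Added triage example; function names are hypothetical. Assumes GNU
# find, stat and sha256sum (the reporter's host is Ubuntu).

# inventory_user_files USER DIR...
# One line per regular file owned by USER: sha256, mtime (epoch), mode, path.
# Tab-separated. Paths containing newlines are not handled.
inventory_user_files() {
    user=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev: stay on the directory's own filesystem.
        find "$dir" -xdev -type f -user "$user" 2>/dev/null |
        while IFS= read -r f; do
            # A file may vanish between find and stat; skip it if so.
            mtime=$(stat -c %Y -- "$f" 2>/dev/null) || continue
            mode=$(stat -c %a -- "$f" 2>/dev/null) || continue
            sum=$(sha256sum 2>/dev/null < "$f" | cut -d' ' -f1)
            printf '%s\t%s\t%s\t%s\n' "${sum:-unreadable}" "$mtime" "$mode" "$f"
        done
    done
}

# procs_from_temp USER
# PID and executable path for USER's processes whose binary sits in /tmp or
# /var/tmp, or has been deleted from disk since the process started.
procs_from_temp() {
    uid=$(id -u "$1" 2>/dev/null) || uid=$1   # accept a name or a numeric uid
    for p in /proc/[0-9]*; do
        [ "$(stat -c %u "$p" 2>/dev/null)" = "$uid" ] || continue
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case $exe in
            /tmp/*|/var/tmp/*|*' (deleted)')
                printf '%s\t%s\n' "${p#/proc/}" "$exe" ;;
        esac
    done
    return 0
}

# Run as root so other users' /proc/<pid>/exe links are readable, e.g.:
#   sh triage.sh solr /tmp /var/tmp
if [ "$#" -gt 0 ]; then
    inventory_user_files "$@"
    procs_from_temp "$1"
fi
```

Saving the output before cleaning or rebuilding the server keeps the hashes and timestamps available for the mailing-list report.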