And I can suggest checking cron jobs both on root and postgres, killing those processes and changing root postgres passwords.
Ahmet

On Mon, 2 Jan 2023 at 09:19, Tom Lane <t...@sss.pgh.pa.us> wrote:

> Antonis Christodoulou <christan...@hotmail.com> writes:
> > This is a machine in the cloud, I can’t disconnect it.
>
> In that case, you need to be taking nonzero security precautions.
>
> > And yes the ps looks like this precisely when I do a fresh restart. I kill all postgres processes and restart:
> > Then this is the output of my ps:
>
> That looks fine ... but this doesn't:
>
> >>> postgres 3342383 1 0 2022 ? 00:00:00 FzXlkULu
> >>> postgres 3344758 1 99 2022 ? 3-14:39:11 OElid7Dp
> >>> postgres 3419125 1 18 13:57 ? 01:17:03 tracepath
>
> Somebody is hacking into your system and commandeering it to run
> something resource-intensive, possibly a bitcoin miner. Whatever
> it is, it's trying to obscure its process name which is hardly
> a sign of good intentions.
>
> I'd counsel taking a hard look at your pg_hba.conf to be sure
> it's not allowing non-credentialed logins from anywhere. And
> for pete's sake don't use a guessable password.
>
> regards, tom lane
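
Added example, not part of the original messages: one way to take the "hard look" at pg_hba.conf suggested above, by flagging network rules that accept logins without credentials or that match every client address. The sample file contents, the `audit` function and the tag names are constructed for illustration, and the parser assumes plain unquoted fields.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
WEAK_METHODS = {"trust": "no credentials required",
                "password": "cleartext password on the wire unless TLS is used"}

# Constructed sample file, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS                 METHOD
local   all       postgres                      peer
host    all       all   127.0.0.1/32            scram-sha-256
host    all       all   0.0.0.0/0               trust
host    all       all   ::/0                    md5
host    app       app   10.0.0.0 255.255.255.0  password
hostssl app       app   203.0.113.0/24          scram-sha-256
"""

def audit(text):
    """Return (line, tag, reason) for each risky network rule in pg_hba.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # simplification: ignores quoted '#'
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # comments, blanks, 'local' socket rules, include directives
        addr, rest, net = fields[3], fields[4:], None
        try:
            if "/" in addr:
                net = ipaddress.ip_network(addr, strict=False)
            else:
                ipaddress.ip_address(addr)  # raises for hostnames and keywords
                mask, rest = rest[0], rest[1:]  # old style: separate netmask column
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            pass  # hostname, 'all', 'samehost', 'samenet', or unparsable mask
        if not rest:
            continue
        method = rest[0].lower()
        loopback = net is not None and net.is_loopback
        if method in WEAK_METHODS and not loopback:
            findings.append((lineno, method, WEAK_METHODS[method]))
        if addr == "all" or (net is not None and net.prefixlen == 0):
            findings.append((lineno, "any-address", "rule matches every client address"))
    return findings

if __name__ == "__main__":
    for lineno, tag, reason in audit(SAMPLE):
        print(f"line {lineno}: {tag}: {reason}")
```

An "any-address" finding on a rule with a credentialed method means the password is the only barrier, which is where the advice about guessable passwords applies.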