And I can suggest checking cron jobs both on root and postgres, killing
those processes and changing root postgres passwords.

Ahmet

On Mon, 2 Jan 2023 at 09:19, Tom Lane <t...@sss.pgh.pa.us> wrote:

> Antonis Christodoulou <christan...@hotmail.com> <
> vi1p193mb051005c8be974502a0d4a315e1...@vi1p193mb0510.eurp193.prod.outlook.com>
> writes:
> > This is a machine in the cloud, I can’t disconnect it.
>
> In that case, you need to be taking nonzero security precautions.
>
> > And yes the ps looks like this precisely when I do a fresh restart. I
> kill all postgres processes and restart:
> > Then this is the output of me ps:
>
> That looks fine ... but this doesn't:
>
> >>> postgres 3342383       1  0  2022 ?        00:00:00 FzXlkULu
> >>> postgres 3344758       1 99  2022 ?        3-14:39:11 OElid7Dp
> >>> postgres 3419125       1 18 13:57 ?        01:17:03 tracepath
>
> Somebody is hacking into your system and commandeering it to run
> something resource-intensive, possibly a bitcoin miner.  Whatever
> it is, it's trying to obscure its process name which is hardly
> a sign of good intentions.
>
> I'd counsel taking a hard look at your pg_hba.conf to be sure
> it's not allowing non-credentialed logins from anywhere.  And
> for pete's sake don't use a guessable password.
>
>                         regards, tom lane
>
>
>

Reply via email to