On 06/08/2018 04:54 PM, Steve Atkins wrote:
On Jun 8, 2018, at 1:47 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
Andrew Dunstan <andrew.duns...@2ndquadrant.com> writes:
On 06/08/2018 04:34 PM, Steve Atkins wrote:
I've noticed a steady trickle of reports of postgresql servers being
compromised via being left available to the internet with insecure or default
configuration, or brute-forced credentials. The symptoms are randomly named
binaries being uploaded to the data directory and executed with the permissions
of the postgresql user, apparently via an extension or an untrusted PL.
Is anyone tracking or investigating this?
Please cite actual instances of such reports. Vague queries like this
help nobody.
I imagine Steve is reacting to this report from today:
https://www.postgresql.org/message-id/CANozSKLGgWDpzfua2L=OGFN=dg3po98ujqjj18gbvfr1-yk...@mail.gmail.com
I recall something similar being reported a few weeks ago,
https://www.postgresql.org/message-id/020901d3f14c%24512a46d0%24f37ed470%24%40gmail.com
OK, those appeared on other mailing lists I don't subscribe to, so I was
missing context.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
