On 05/21/2018 04:40 PM, Bartosz Dmytrak wrote:
Hi Gurus,
Looking into my postgresql.log on one of my test servers I found scary entry:
--2018-05-19 05:28:21-- http://207.148.79.161/post0514/post
Connecting to 207.148.79.161:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1606648 (1.5M) [application/octet-stream]
Saving to: ‘/var/lib/postgresql/10/main/postgresq1’
0K .......... .......... .......... .......... .......... 3% 71.0K 21s
50K .......... .......... .......... .......... .......... 6% 106K 17s
100K .......... .......... .......... .......... .......... 9% 213K 13s
150K .......... .......... .......... .......... .......... 12% 213K 11s
[snip]
1500K .......... .......... .......... .......... .......... 98% 11.8M 0s 1550K .......... ........ 100% 12.5M=2.6s
2018-05-19 05:28:25 (598 KB/s) - ‘/var/lib/postgresql/10/main/postgresq1’ saved [1606648/1606648]
Downloaded file is not posgresql but postgresq1(one).
It was pure pg instalation without any contrib modules addons etc, istalled on ubuntu box by apt manager using repos:
http://apt.postgresql.org/pub/repos/apt xenial-pgdg/main
http://apt.postgresql.org/pub/repos/apt xenial-pgdg
I have never seen such entry on other my other servers…
Could you be so kind and explain me what is it? I am afraid my postgres has been hacekd.
This looks like what happens when the adobe flash player package downloads the closed-source binary installer. Thus, I wouldn't be surprised if the repository package isn't downloading the installation binaries from
http://207.148.79.161/post0514/post.
--
Angular momentum makes the world go 'round.
