Thread: BUG #16692: Postgres process using 100 percent CPU
The following bug has been logged on the website:

Bug reference: 16692
Logged by: Anup Maity
Email address: email2anup14@gmail.com
PostgreSQL version: 11.0
Operating system: UBUNTU 20.4
Description:

From last 1 week, this process with user postgres is utilizing entire cpu and approx 2.5gb ram. I have tried reinstalling postgres but then too the issues persists. please help. No query is being running. this is in idle usage

37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 n2cP0Mv4

On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form <noreply@postgresql.org> wrote:
>
> The following bug has been logged on the website:
>
> Bug reference: 16692
> Logged by: Anup Maity
> Email address: email2anup14@gmail.com
> PostgreSQL version: 11.0
> Operating system: UBUNTU 20.4
> Description:
>
> From last 1 week, this process with user postgres is utilizing entire cpu
> and approx 2.5gb ram. I have tried reinstalling postgres but then too the
> issues persists. please help. No query is being running. this is in idle
> usage
> 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87
> n2cP0Mv4
>

That is not a PostgreSQL process.

It looks very much like malware running on your system, that happens to be running under the "postgres" user account.

I'd shut the machine down immediately. And then mount the file system through some other means (meaning mount the disk from a different system and absolutely do *NOT* boot off this disk), figuring out where those binaries are and try to salvage the database from there.

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

On Fri, Oct 30, 2020 at 03:32:13PM +0100, Magnus Hagander wrote:
> On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form
> <noreply@postgresql.org> wrote:
> >
> > The following bug has been logged on the website:
> >
> > Bug reference: 16692
> > Logged by: Anup Maity
> > Email address: email2anup14@gmail.com
> > PostgreSQL version: 11.0
> > Operating system: UBUNTU 20.4
> > Description:
> >
> > From last 1 week, this process with user postgres is utilizing entire cpu
> > and approx 2.5gb ram. I have tried reinstalling postgres but then too the
> > issues persists. please help. No query is being running. this is in idle
> > usage
> > 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87
> > n2cP0Mv4
> >
>
> That is not a PostgreSQL process.
>
> It looks very much like malware running on your system, that happens
> to be running under the "postgres" user account.
>
> I'd shut the machine down immediately. And then mount the file system
> through some other means (meaning mount the disk from a different
> system and absolutely do *NOT* boot off this disk), figuring out where
> those binaries are and try to salvage the database from there.

Before shutting down it might be good to look at "ls -l /proc/37811", especially "cwd" and "exe" links.

depesz

On Fri, Oct 30, 2020 at 10:32 AM Magnus Hagander <magnus@hagander.net> wrote:
> On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form
> <noreply@postgresql.org> wrote:
> >
> > 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87
> > n2cP0Mv4
> >
>
> That is not a PostgreSQL process.
>
> It looks very much like malware running on your system, that happens
> to be running under the "postgres" user account.

To expand on that, the malware was likely to have been installed and started through a compromised superuser account for his database. It is a common attack to look for PostgreSQL superuser accounts with weak passwords, then use lo_export or COPY ... TO PROGRAM to drop cryptocurrency mining programs. They often have names that look like that, too. Reinstalling but without fixing the security practices just means the bad guys come back again.

Cheers,
Jeff
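
The `/proc/<pid>` check depesz suggests, generalized to every process owned by the "postgres" account, as an added example that is not part of the original thread. The function name, the finding strings and the `/usr/lib/postgresql/` prefix (the Debian/Ubuntu package layout) are assumptions made for this sketch.

```python
import os
import pwd
from pathlib import Path

# Assumption: Debian/Ubuntu package layout for the server binaries.
EXPECTED_PREFIXES = ("/usr/lib/postgresql/",)

def triage_user_processes(uid, expected_prefixes=EXPECTED_PREFIXES, proc_root="/proc"):
    """List processes owned by `uid` whose binary is deleted or outside expected paths."""
    findings = []
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():          # skip /proc/self, /proc/meminfo, ...
            continue
        try:
            # /proc/<pid> is normally owned by the process's effective uid.
            if entry.stat().st_uid != uid:
                continue
            exe = os.readlink(entry / "exe")  # path of the running binary
            cwd = os.readlink(entry / "cwd")  # its current working directory
        except OSError:
            continue                          # exited meanwhile, or not readable
        reasons = []
        if exe.endswith(" (deleted)"):
            reasons.append("binary deleted from disk")
        if not exe.startswith(tuple(expected_prefixes)):
            reasons.append("exe outside expected install paths")
        if reasons:
            findings.append({"pid": int(entry.name), "exe": exe,
                             "cwd": cwd, "reasons": reasons})
    return sorted(findings, key=lambda f: f["pid"])

if __name__ == "__main__":
    try:
        postgres_uid = pwd.getpwnam("postgres").pw_uid
    except KeyError:
        raise SystemExit("no 'postgres' account on this host")
    for f in triage_user_processes(postgres_uid):
        print(f"{f['pid']}: exe={f['exe']} cwd={f['cwd']} ({'; '.join(f['reasons'])})")
```

Run it as root or as the postgres user so the `exe` and `cwd` links are readable. A genuine server binary can also show as deleted right after a package upgrade, so treat that finding on its own as a prompt to look closer.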