[ https://issues.apache.org/jira/browse/SOLR-12700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-12700.
--------------------------------
Resolution: Invalid
Please ask questions like this on the solr-user mailing list, not in JIRA.
There is nothing in the information provided that gives any clue that Solr
would be the reason for your issues. However, there have been a number of
security issues patched in recent versions of Solr. Stating 6.6 as your version
does not tell us what bugfix release you are on, so you could still be
vulnerable to some of these that were fixed in 6.6.4 or 6.6.5.
I'm closing this issue as invalid. Your next steps could be:
# Send an email to the solr-user list
([http://lucene.apache.org/solr/community.html#mailing-lists-irc]) asking for
advice. You should include many more details, suspicious logs etc. when you send
that email.
# Seek professional guidance to clean your servers or start with clean servers
to make sure no malware remains. The OS, Java etc should of course also be
fully patched.
# Upgrade to the newest Solr release (either latest 7.x or latest 6.6.x) which
plugs some known weaknesses in various request handlers which COULD potentially
be ways to break into a system. See
[https://lucene.apache.org/solr/7_4_0/changes/Changes.html] for details.
# Make sure that Solr is NEVER exposed to an insecure network; it should
always be behind firewalls, open only to your app servers.
# I'm sure you may get more advice on the user's mailing list.
Please do not continue discussion in this Jira issue. Only if/when a NEW code
issue has been identified in Solr after the mailing list discussion, should you
file a new bug report here.
> solr user used for crypto mining hack
> -------------------------------------
>
> Key: SOLR-12700
> URL: https://issues.apache.org/jira/browse/SOLR-12700
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 6.6
> Environment: Ubuntu running Solr 6.6
> Reporter: Robert Gillen
> Priority: Major
>
> I am struggling to fight an attack where the solr user is being used to create
> files used for mining cryptocurrencies. The files are being created in the
> /var/tmp and /tmp folders.
> It will use 100% of the CPU.
> I am looking for help in stopping these attacks.
> All files are created under the solr user.
> Any help would be greatly appreciated.
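A triage sketch for gathering the evidence the reply asks for before posting to the mailing list; it is an added example, not part of the original thread or of Solr. It assumes the service account is named `solr`, that Solr listens on its default port 8983, and that the host is Linux with `/proc`, `pgrep` and `ss` available.

```shell
#!/bin/sh
# Added triage example, not part of the original thread.
# Assumptions: the service account is "solr", Solr listens on its default
# port 8983, and the host is Linux with /proc, pgrep and ss available.

# Print regular files owned by user $1 under the directories that follow.
files_owned_by() {
  owner=$1; shift
  find "$@" -xdev -type f -user "$owner" -print 2>/dev/null | sort
}

# Succeed if an executable path points into a temp directory, or if the
# binary was unlinked after start (Linux appends " (deleted)" to the link).
is_suspicious_exe() {
  case $1 in
    /tmp/*|/var/tmp/*|*' (deleted)') return 0 ;;
    *) return 1 ;;
  esac
}

# Print "pid exe" for processes of user $1 that run from such a path.
procs_from_tmp() {
  for pid in $(pgrep -u "$1"); do
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || continue
    if is_suspicious_exe "$exe"; then echo "$pid $exe"; fi
  done
}

# Read `ss -ltnH` output on stdin; print listeners on port $1 that are bound
# to every interface instead of one specific address.
wildcard_listeners() {
  awk -v p=":$1" '$1 == "LISTEN" &&
    ($4 == ("0.0.0.0" p) || $4 == ("*" p) || $4 == ("[::]" p)) { print $4 }'
}

# Live run: sh triage.sh --run   (as root, so every /proc/<pid>/exe is readable)
if [ "${1:-}" = "--run" ]; then
  echo "== files owned by solr in /tmp and /var/tmp"
  files_owned_by solr /tmp /var/tmp
  echo "== solr processes running from temp paths"
  procs_from_tmp solr
  echo "== port 8983 listening on all interfaces"
  ss -ltnH | wildcard_listeners 8983
fi
```

A wildcard listener on 8983 is only a problem if no firewall sits in front of it, so check the result against the host's firewall rules before drawing conclusions.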