> On 5. Sep 2018, at 11:15, urbanczykd <[email protected]> wrote:
>
> Looks like yesterday we've been hacked, quite similar as but reported a year
> ago; our Jenkins server turns again into a zombie and starts mining Monero, check
> attachment.

Per your screenshot, you have anonymous administrator access enabled, so anyone
knowing the URL to your Jenkins can configure it to do whatever they want. This
hasn't been the default for well over two years now, partly in response to
https://jenkins.io/security/advisory/2015-10-01/
So you just need to actually set up security in Jenkins so that anonymous users
cannot configure it.
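
The condition described in the reply above can be checked offline against `$JENKINS_HOME/config.xml`. This is an added example, not part of the original thread or of Jenkins itself; the two sample configurations are constructed, and the function name `audit_config` is hypothetical. It assumes the usual `config.xml` layout, with matrix permissions stored as `Permission:sid` or, with newer matrix-auth versions, `USER:Permission:sid`.

```python
import xml.etree.ElementTree as ET

# Constructed samples of $JENKINS_HOME/config.xml (not taken from the thread).
SAMPLE_OPEN = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
  </authorizationStrategy>
</hudson>"""

SAMPLE_UNSECURED = """<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
</hudson>"""

SAMPLE_LOCKED = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""

ADMINISTER = "hudson.model.Hudson.Administer"


def audit_config(xml_text):
    """Return findings that let an unauthenticated visitor administer Jenkins."""
    root = ET.fromstring(xml_text)
    findings = []
    # Only an explicit "false" is flagged; a missing element is left to the checks below.
    if (root.findtext("useSecurity") or "").strip().lower() == "false":
        findings.append("useSecurity is false")
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return findings
    if strategy.get("class", "").endswith("AuthorizationStrategy$Unsecured"):
        findings.append("authorization strategy is Unsecured (anyone can do anything)")
    for perm in strategy.iter("permission"):
        # The last field is the sid, the one before it the permission id.
        parts = (perm.text or "").strip().split(":")
        if len(parts) >= 2 and parts[-1] == "anonymous" and parts[-2] == ADMINISTER:
            findings.append("anonymous is granted Overall/Administer")
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_OPEN", "SAMPLE_UNSECURED", "SAMPLE_LOCKED"):
        print(name, audit_config(globals()[name]) or "no anonymous admin access found")
```

An empty result only means these specific settings were not found; other grants to `anonymous` (for example job configuration) still need review in the security settings page.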