Yeah found it with our devops sorry my bad it was this issue thanks śr., 5 wrz 2018 o 12:40 Daniel Beck <[email protected]> napisał(a):
> > > > On 5. Sep 2018, at 11:15, urbanczykd <[email protected]> wrote: > > > > looks like yesterday we've been hacked quite similar as but reported a > year ago, our Jenkins server tuns again to zombie and start to mining > monero check attachment. > > Per your screenshot, you have anonymous administrator access enabled, so > anyone knowing the URL to your Jenkins can configure it to do whatever they > want. This hasn't been the default for well over two years now, partly in > response to https://jenkins.io/security/advisory/2015-10-01/ > > So you just need to actually set up security in Jenkins so that anonymous > users cannot configure it. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/CB613A7F-2E3E-4143-B047-F5D27F2236C3%40beckweb.net > . > For more options, visit https://groups.google.com/d/optout. > -- ______________________________________ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvHhFH/9Yk/EmbWBBr5a06x5k+dJ6WDCRAYL7ME1wR7fB1ncwMkmfGukijXSZzAV5DXT0yA5V8AYk11W3K8pqDRwlh9yvUUXxIda4xmjD52+KR3c0nTgxMtA+XvfSxmlPc423LTbRhOdjOZLIKtlyfAxnf2agDnMOG9TVLsfLoiZwsbRLRTNx7CisnkdJJFEIQylBXUCIBngL7bwt5sUZ9Ubm9h7aKg9gD0VA7JnDpSQnOWSs+DykPuU5zulsPW4TjVzEUCFeoOyNwrlDyUscva9OJmF0Rj/2gVntpBklOjDIcLx4BhyBLGD5fBb2QXOvLvy3XL6Qt49o/9uLoj5lUQ== [email protected] Dariusz Urbańczyk tel.kom. 791 235 111 -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAFuHrfQi1qBHnMaO3Sj5F-_0e64B98tMBbdn%3DW%3Dk%2B642h3v7dQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
