Hi Team,

We are stuck in the middle of a hacking issue, which was raised after I installed GNU parallel on one of our servers using the command below.

(wget -O - pi.dk/3 || curl pi.dk/3/ || fetch -o - http://pi.dk/3) | bash

I was using the link below for personal learning as well.

https://www.gnu.org/software/parallel/parallel_tutorial.html

Now I want to know: can something like this happen? We are getting emails where an attempt has been made on a server location in Brazil using our server details. We are planning to uninstall or roll back to the last snapshot, but I would like to know your views on the issue!! It is important and urgent.

I have not sent the version number or any other details because we do not want to run anything associated with Parallel.

Messages from our syslog
========================================================================
Jan 31 01:44:04 xxxxx time=01:41:24 devname=FGxxxx devid=xxxx logid=xx type=traffic subtype=forward level=notice vd=root srcip=xxxx srcport=xxxx srcintf="xxx" dstip=xxx dstport=xx dstintf="xx" poluuid=xxx sessionid=xx proto=xx action=deny policyid=xx dstcountry="xx" srccountry="xx" trandisp=xx service="SSH" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=xx craction=xx crlevel=high

(unfortunately, I cannot share any details)

Br,
Rachit
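The quoted syslog message is a FortiGate key=value traffic record, and the first thing a responder needs from such records is direction: a line with action=deny against service="SSH" is the firewall blocking a connection, which is a different thing from the host making outbound connections of its own. The following is an added example, not code from the original post and not part of GNU parallel: a small parser for that key=value layout, run over three constructed log lines (the field names follow the quoted message; the addresses, interface names and the INTERNAL_HOSTS set are made up for the example and would be replaced with the real server address), which sorts events into inbound-vs-outbound and allowed-vs-denied so that only outbound traffic from the host is flagged for follow-up.

```python
"""Classify FortiGate-style traffic log lines by direction and verdict.

Added example for illustration; it is not part of the original post or of
GNU parallel. The log lines below are constructed to match the key=value
layout of the quoted syslog message, with made-up addresses.
"""
import re
from collections import Counter
from typing import Dict, List

# key=value or key="quoted value" tokens of a FortiGate traffic log line
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Assumption for the example: the server that ran the installer has this
# address. Replace it with the real address (or addresses) of the host.
INTERNAL_HOSTS = {"203.0.113.10"}

# Constructed sample lines (not real traffic), same field layout as the
# quoted message: one inbound denied SSH probe, one outbound accepted SSH
# session from our host, one event involving neither side of our host.
SAMPLE_LOGS = [
    'Jan 31 01:44:04 fw1 time=01:41:24 devname=FG100 devid=FG100E type=traffic subtype=forward '
    'level=notice vd=root srcip=198.51.100.23 srcport=51234 srcintf="wan1" dstip=203.0.113.10 '
    'dstport=22 dstintf="lan" proto=6 action=deny policyid=0 dstcountry="Reserved" '
    'srccountry="Reserved" service="SSH" duration=0 sentbyte=0 rcvdbyte=0 crlevel=high',
    'Jan 31 01:45:10 fw1 time=01:42:30 devname=FG100 devid=FG100E type=traffic subtype=forward '
    'level=notice vd=root srcip=203.0.113.10 srcport=44321 srcintf="lan" dstip=198.51.100.77 '
    'dstport=22 dstintf="wan1" proto=6 action=accept policyid=5 dstcountry="Reserved" '
    'srccountry="Reserved" service="SSH" duration=12 sentbyte=2140 rcvdbyte=3301',
    'Jan 31 01:46:02 fw1 time=01:43:22 devname=FG100 devid=FG100E type=traffic subtype=forward '
    'level=notice vd=root srcip=192.0.2.5 srcport=40001 srcintf="wan1" dstip=198.51.100.9 '
    'dstport=443 dstintf="dmz" proto=6 action=accept policyid=7 dstcountry="Reserved" '
    'srccountry="Reserved" service="HTTPS" duration=3 sentbyte=900 rcvdbyte=4200',
]


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Return the key=value fields of one log line, with quotes stripped."""
    fields: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def classify(event: Dict[str, str], internal_hosts=INTERNAL_HOSTS) -> str:
    """Label an event by direction relative to our host and firewall verdict.

    Only 'outbound-*' events are evidence that our host is being used to
    reach other systems; 'inbound-denied' is scanning the firewall stopped.
    """
    src, dst, action = event.get("srcip"), event.get("dstip"), event.get("action")
    verdict = "allowed" if action == "accept" else "denied"
    if src in internal_hosts:
        return "outbound-" + verdict
    if dst in internal_hosts:
        return "inbound-" + verdict
    return "unrelated"


def summarize(lines: List[str]) -> Dict[str, object]:
    """Count events per class and collect outbound ones for follow-up."""
    counts: Counter = Counter()
    outbound = []
    for line in lines:
        ev = parse_fortigate_line(line)
        if ev.get("type") != "traffic":
            continue  # skip non-traffic records (event, utm, ...)
        label = classify(ev)
        counts[label] += 1
        if label.startswith("outbound"):
            outbound.append((ev.get("dstip"), ev.get("dstport"),
                             ev.get("service"), ev.get("action")))
    return {"counts": dict(counts), "outbound": outbound}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOGS)
    for label, n in sorted(result["counts"].items()):
        print(f"{label:17s} {n}")
    for dst, port, svc, action in result["outbound"]:
        print(f"follow up: outbound to {dst}:{port} ({svc}) action={action}")
```

Run against a full export of the firewall's traffic log with INTERNAL_HOSTS set to the server's real address, the "outbound" list is what to compare with the abuse reports: if it is empty for the reported time window while "inbound-denied" is large, the quoted line is background SSH scanning that the firewall dropped rather than the server attacking anyone.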
