On Wed, Dec 13, 2017 at 11:36:11AM +0100, Laurenz Albe wrote:
> Dinesh Chandra 12108 wrote:
> > My CPU utilization is going to 100% in PostgreSQL because of one unknown
> > process /x3303400001 is running from postgres user.
> > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
> > 19885 postgres 20 0 192684 3916 1420 S 99.3 0.1 5689:04 x3303400001
> > The same file is automatically created in Postgres Cluster also. I am using
> > Postgresql-9.3.
> > Kindly suggest how I can resolve this issue.
> I don't know, but the same problem has been reported on Stackoverflow:
> If your queries look similar, then you might indeed be the victim of an
> Figure out where the function and the executable come from.
> In case of doubt, disconnect the server from the network.
Looks suspicious; I would look at (and save) things like these:
ls -l /proc/19885/exe
ls -l /proc/19885/fd
ls -l /proc/19885/cwd
sudo lsof -n -p 19885
sudo netstat -anpe |grep 19885
Stacktrace with gcore/gdb is a good idea.
Save a copy of your log/postgres logfiles and try to figure out where it came
from. Since an attacker seems to control the postgres process, your data may
have been compromised (leaked or tampered with).
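
The collection steps suggested in this reply, gathered into one script (an added example, not part of the original message; the function name collect_proc_evidence and the output file layout are assumptions). It saves the /proc entries, a copy and hash of the running binary, and the open files and sockets of one PID before the process is killed:

```shell
#!/bin/sh
# Added example: snapshot volatile evidence for one suspicious PID.
# Run as root or as the process owner. File names below are assumptions.

collect_proc_evidence() {
    pid=$1
    out=${2:-./evidence-$pid}
    proc=/proc/$pid

    [ -d "$proc" ] || { echo "no such process: $pid" >&2; return 1; }
    mkdir -p "$out" || return 1
    date -u +%Y-%m-%dT%H:%M:%SZ > "$out/collected_at.txt"

    # Symlink targets: binary path (may be marked "(deleted)"), cwd, open fds.
    ls -l "$proc/exe" "$proc/cwd" > "$out/links.txt" 2>&1 || true
    ls -l "$proc/fd" > "$out/fd.txt" 2>&1 || true

    # /proc/PID/exe still opens the running image after the file is unlinked,
    # so copy it now and hash the copy for later analysis.
    if cp "$proc/exe" "$out/exe.bin" 2>/dev/null; then
        sha256sum "$out/exe.bin" > "$out/exe.sha256" || true
    fi

    # cmdline and environ are NUL-separated; maps and status are plain text.
    tr '\0' ' ' < "$proc/cmdline" > "$out/cmdline.txt" 2>/dev/null || true
    tr '\0' '\n' < "$proc/environ" > "$out/environ.txt" 2>/dev/null || true
    cat "$proc/maps" > "$out/maps.txt" 2>/dev/null || true
    cat "$proc/status" > "$out/status.txt" 2>/dev/null || true

    # Open files and sockets, when the tools are installed.
    if command -v lsof >/dev/null 2>&1; then
        lsof -n -p "$pid" > "$out/lsof.txt" 2>&1 || true
    fi
    if command -v netstat >/dev/null 2>&1; then
        netstat -anpe 2>/dev/null | grep -w "$pid" > "$out/netstat.txt" || true
    fi

    # Evidence may contain secrets from the environment; restrict access.
    chmod -R go-rwx "$out"
    echo "$out"
}

# Usage: sh collect.sh 19885 /root/evidence-19885
if [ "$#" -gt 0 ]; then collect_proc_evidence "$@"; fi
```

Write the output to a different filesystem than the database cluster, so the collection does not overwrite anything on the affected volume.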