On 20/04/2014 19:56, Gavin Henry wrote:
> Hi all,
>
> Not usually a post you see on uknof, but wanted some help and to
> check if anyone else has seen this?
>

Not seen it but have seen variants reported - that's a coin miner of some sort (-u username -p password - the fact it's looking for RAM available etc suggests probably Scrypt-based). The IP it's targeting is a pool called YPool.

Might be worth reporting this to the pool and/or the host of the file (company called VolumeDrive apparently).

Are you running any Nagios extensions that run as servers? Are you using nrpe/is it locked down in your firewall to only accept your Nagios host?

--
Cheers,
James Harrison
