I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the internet with insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries being uploaded to the data directory and executed with the permissions of the postgresql user, apparently via an extension or an untrusted PL.
Is anyone tracking or investigating this?
Cheers,
Steve