Quick Links

Compromised postgresql instances

From:	Steve Atkins <steve(at)blighty(dot)com>
To:	pgsql-hackers(at)postgresql(dot)org
Subject:	Compromised postgresql instances
Date:	2018-06-08 20:34:19
Message-ID:	3CFA575D-FFB0-401F-AF7A-385B476D9484@blighty.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

I've noticed a steady trickle of reports of postgresql servers being compromised via being left available to the internet with insecure or default configuration, or brute-forced credentials. The symptoms are randomly named binaries being uploaded to the data directory and executed with the permissions of the postgresql user, apparently via an extension or an untrusted PL.

Is anyone tracking or investigating this?

Cheers,
Steve

Responses

Re: Compromised postgresql instances at 2018-06-08 20:39:25 from Andrew Dunstan

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Alvaro Herrera	2018-06-08 20:35:52	Re: SHOW ALL does not honor pg_read_all_settings membership
Previous Message	Peter Da Silva	2018-06-08 19:34:20	Re: pl/tcl function to detect when a request has been canceled