wok4899 | 5 months ago

Omg! I am one of the users! Good find. I mainly use it for the built-in VPN facility, gluetun does not cut out. But now it's time to re-think. I thought my 2000+ Linux ISOs were causing medium CPU usage. But still lack of GPU, on my unraid server with 50+ docker containers running 24/7 CPU load is 2.31 2.04 2.00, so I wonder whether mining ever triggered?

PS: I do have such a binary on my machine as well:

> ps -ef | grep netservlet
> root 3708105 3665360 0 08:06 pts/2 00:00:00 grep netservlet

ZetaTauEpsilon|5 months ago

This output indicates the only process matching netservlet is your own grep, no?

thephyber|5 months ago

Agree.

The article author searched netservlet for these strings to detect the infection:

> $ strings /tmp/netservlet.elf | egrep -i 'stratum|pool|wallet|http|crypto|mining|eth|btc|pool'

anotherlogin448|5 months ago

OP got compromised; there's no issue in any hotio container.

Code and CI are all open source.

thephyber|5 months ago

My money is on the author had not updated their docker image version/tag in over 2 years.

It looks like the app used weak hard-coded admin credentials back then. Appears to have been fixed in 2023.

wok4899|5 months ago

I have never exposed this container to the world, ever, and my server does report the existence of such a binary. That is the reason, based on CPU usage, I suspect that mining never triggered.

> ps -ef | grep netservlet
> root 3708105 3665360 0 08:06 pts/2 00:00:00 grep netservlet
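
Added example, not part of any comment in this thread: a POSIX shell filter that tests the name against each process's executable instead of the whole `ps -ef` line, so the searching `grep` is not counted as a hit. It assumes procps-style `ps -ef` columns; the function name `match_procs` and the PID 4242 row are constructed for illustration.

```shell
#!/bin/sh
# match_procs NAME: read `ps -ef` output on stdin and print "PID CMD" for every
# process whose executable name (basename of the first CMD word) contains NAME.
# A plain `ps -ef | grep NAME` also matches the grep process itself, because
# NAME appears in grep's own argument list.
match_procs() {
    awk -v name="$1" '
    $2 !~ /^[0-9]+$/ { next }            # skip the header or malformed rows
    {
        # Assumed columns: UID PID PPID C STIME TTY TIME CMD...
        exe = $8
        sub(/.*\//, "", exe)             # strip the directory part
        if (index(exe, name) == 0) next  # NAME only in the arguments: no hit
        cmd = $8
        for (i = 9; i <= NF; i++) cmd = cmd " " $i
        print $2, cmd
    }'
}

# The output posted in the thread, with the ps header added.
SAMPLE_GREP_ONLY='UID          PID    PPID  C STIME TTY          TIME CMD
root     3708105 3665360  0 08:06 pts/2    00:00:00 grep netservlet'

# Constructed sample: the same listing with a running copy of the binary.
SAMPLE_RUNNING='UID          PID    PPID  C STIME TTY          TIME CMD
root        4242       1 97 07:58 ?        01:12:33 /tmp/netservlet.elf
root     3708105 3665360  0 08:06 pts/2    00:00:00 grep netservlet'

echo "grep-only listing:"
printf '%s\n' "$SAMPLE_GREP_ONLY" | match_procs netservlet
echo "listing with a running process:"
printf '%s\n' "$SAMPLE_RUNNING" | match_procs netservlet
```

On a live host, run `ps -ef | match_procs netservlet`. A process that has changed its displayed name will not be found by any name-based check.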