BUG #16692: Postgres process using 100 percent CPU

Started by PG Bug reporting form | over 5 years ago | 4 messages | bugs
#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 16692
Logged by: Anup Maity
Email address: email2anup14@gmail.com
PostgreSQL version: 11.0
Operating system: UBUNTU 20.4
Description:

For the last 1 week, this process with user postgres is utilizing entire cpu
and approx 2.5gb ram. I have tried reinstalling postgres but even then the
issue persists. Please help. No query is running. This is in idle
usage
37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 n2cP0Mv4

#2 Magnus Hagander
magnus@hagander.net
In reply to: PG Bug reporting form (#1)
Re: BUG #16692: Postgres process using 100 percent CPU

On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form
<noreply@postgresql.org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 16692
> Logged by: Anup Maity
> Email address: email2anup14@gmail.com
> PostgreSQL version: 11.0
> Operating system: UBUNTU 20.4
> Description:
>
> For the last 1 week, this process with user postgres is utilizing entire cpu
> and approx 2.5gb ram. I have tried reinstalling postgres but even then the
> issue persists. Please help. No query is running. This is in idle
> usage
> 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 n2cP0Mv4

That is not a PostgreSQL process.

It looks very much like malware running on your system, that happens
to be running under the "postgres" user account.

I'd shut the machine down immediately. And then mount the file system
through some other means (meaning mount the disk from a different
system and absolutely do *NOT* boot off this disk), figuring out where
those binaries are and try to salvage the database from there.

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

In reply to: Magnus Hagander (#2)
Re: BUG #16692: Postgres process using 100 percent CPU

On Fri, Oct 30, 2020 at 03:32:13PM +0100, Magnus Hagander wrote:

> On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form
> <noreply@postgresql.org> wrote:
>
> > The following bug has been logged on the website:
> >
> > Bug reference: 16692
> > Logged by: Anup Maity
> > Email address: email2anup14@gmail.com
> > PostgreSQL version: 11.0
> > Operating system: UBUNTU 20.4
> > Description:
> >
> > For the last 1 week, this process with user postgres is utilizing entire cpu
> > and approx 2.5gb ram. I have tried reinstalling postgres but even then the
> > issue persists. Please help. No query is running. This is in idle
> > usage
> > 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 n2cP0Mv4
>
> That is not a PostgreSQL process.
>
> It looks very much like malware running on your system, that happens
> to be running under the "postgres" user account.
>
> I'd shut the machine down immediately. And then mount the file system
> through some other means (meaning mount the disk from a different
> system and absolutely do *NOT* boot off this disk), figuring out where
> those binaries are and try to salvage the database from there.

Before shutting down it might be good to look at "ls -l /proc/37811",
especially "cwd" and "exe" links.

depesz
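
The check suggested above (the `exe` and `cwd` links under `/proc/<pid>`), generalized to every process owned by the account, as an added example that is not part of the original thread. It assumes the account is named `postgres` and that genuine server processes run a binary whose basename is `postgres` or `postmaster`; run it as root or as that user so the links are readable.

```python
import os
import pwd

# Every PostgreSQL server process (backends, checkpointer, walwriter, ...)
# is a fork of one binary, so /proc/<pid>/exe should end in one of these.
EXPECTED_EXE_NAMES = {"postgres", "postmaster"}  # assumption, see lead-in
DELETED = " (deleted)"  # suffix the kernel appends once the file is unlinked


def _readlink(path):
    try:
        return os.readlink(path)
    except OSError:  # process already exited, or we lack permission
        return None


def _real_uid(proc_dir):
    try:
        with open(os.path.join(proc_dir, "status")) as fh:
            for line in fh:
                if line.startswith("Uid:"):
                    return int(line.split()[1])  # first value is the real UID
    except (OSError, ValueError, IndexError):
        pass
    return None


def triage(uid, proc_root="/proc"):
    """Return processes owned by uid whose exe link needs a human look."""
    findings = []
    for pid in sorted((n for n in os.listdir(proc_root) if n.isdigit()), key=int):
        proc_dir = os.path.join(proc_root, pid)
        if _real_uid(proc_dir) != uid:
            continue
        exe = _readlink(os.path.join(proc_dir, "exe"))
        cwd = _readlink(os.path.join(proc_dir, "cwd"))
        reasons = []
        if exe is None:
            reasons.append("exe link unreadable")
        else:
            path = exe
            if exe.endswith(DELETED):  # also seen after an upgrade without restart
                path = exe[: -len(DELETED)]
                reasons.append("executable deleted from disk")
            if os.path.basename(path) not in EXPECTED_EXE_NAMES:
                reasons.append("not a PostgreSQL server binary")
        if reasons:
            findings.append({"pid": int(pid), "exe": exe, "cwd": cwd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(pwd.getpwnam("postgres").pw_uid):
        print(f["pid"], f["exe"], f["cwd"], "; ".join(f["reasons"]))
```

Legitimate client tools and shells running as the same account (psql, pg_dump, bash) are listed too; the output is a review list, not a verdict.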

#4 Jeff Janes
jeff.janes@gmail.com
In reply to: Magnus Hagander (#2)
Re: BUG #16692: Postgres process using 100 percent CPU

On Fri, Oct 30, 2020 at 10:32 AM Magnus Hagander <magnus@hagander.net>
wrote:

> On Fri, Oct 30, 2020 at 3:29 PM PG Bug reporting form
> <noreply@postgresql.org> wrote:
>
> > 37811 postgres 20 0 2442744 2.3g 4 S 399.7 14.8 148:23.87 n2cP0Mv4
>
> That is not a PostgreSQL process.
>
> It looks very much like malware running on your system, that happens
> to be running under the "postgres" user account.

To expand on that, the malware was likely to have been installed and
started through a compromised superuser account for his database. It is a
common attack to look for PostgreSQL superuser accounts with weak
passwords, then use lo_export or COPY ... TO PROGRAM to drop cryptocurrency
mining programs. They often have names that look like that, too.
Reinstalling but without fixing the security practices just means the bad
guys come back again.

Cheers,

Jeff