Viruses kdevtmpfsi and kinsing on packages/tracker/docker-compose.yml #73

Closed
plvo opened this issue Sep 13, 2024 · 17 comments

@plvo

plvo commented Sep 13, 2024

I'm running on Ubuntu 22.04.

Since yesterday, my machine has been running the kdevtmpfsi and kinsing viruses. When I search for them, I find that they come from Docker (the Docker on this machine only runs the three project images).

The process of both viruses and especially kdevtmpfsi takes 100% of CPU performance (screen btop).
Yesterday I tried to stop it, and succeeded by uninstalling Docker directly, but after reconfiguring the repo, the processes reappeared.

I saw that you're using the postgres:16 image:


I found a very similar issue on the registry Docker Postgres repo: docker-library/postgres#1054

@damianharouff

Yup. I posted it here already: #49

@GaloisField2718

GaloisField2718 commented Sep 13, 2024

Have you changed every password in .env and tracker/docker/Bitcoin.conf?
And port too?

@damianharouff

I have not. I don't run this garbage. I'm only a victim of the incompetence of whoever put together the instructions.

The documentation page:

1. Update `.env` file with your own configuration.
only states "Update with your own configuration". There's no statement to change every password in .env, and there's no statement at all to modify Bitcoin.conf.

Even if there were instructions, they won't be read by people just blindly copying and pasting the command blocks in a hurry to get to their FREE money.

@GaloisField2718

Haha, yes, really not clear. I updated it on my branch.

@kagechio

how to fully remove this sh1t?
Unfortunately, I'm running this on a server that is used to run other projects 💀

@GaloisField2718

Normal.... first check for docker running with

docker ps -a

Look for Postgres:16, fractal-... and tracker.
Copy the id of each container and do

docker stop ID && docker rm ID

When you have done this, everything should be well removed.

@kagechio

> Normal.... first check for docker running with
>
> docker ps -a
>
> Look for Postgres:16, fractal-... and tracker. Copy the id of each container and do
>
> docker stop ID && docker rm ID
>
> When you have done this, everything should be well removed.

Thank You. CPU load is normal now. I'll let you know in a few hours if this doesn't come back

@plvo
Author

plvo commented Sep 16, 2024

@kagechio if it reappears, and you can afford it, delete docker directly from your machine. It worked for me.

@damianharouff

Yes good, throw everything away. :)

@kagechio

> @kagechio if it reappears, and you can afford it, delete docker directly from your machine. It worked for me.

That shit ain't coming back bro, thanks a lot @plvo @GaloisField2718 @damianharouff gbu

@tushar1977

first do docker exec to enter postgres, then go to /var/lib/postgresql/data/pgdata/pg_hba.conf and change host all all all scram-sha-256 to host all all all md5
then restart the postgres container
do this to run tracker

```bash
# Start the tracker container and point it at services running on the Docker host
sudo docker run -d \
  --name tracker \
  --add-host="host.docker.internal:host-gateway" \
  -e DATABASE_HOST="host.docker.internal" \
  -e RPC_HOST="host.docker.internal" \
  -e DATABASE_USERNAME="postgres" \
  -e DATABASE_PASSWORD="your_pass_that is entered in .env" \
  -e DATABASE_DB="postgres" \
  -p 3000:3000 \
  tracker:latest
```

@damianharouff

Other than making this situation worse, what's the point of reducing security by changing from one secure cipher to a very insecure cipher?

@tushar1977

> Other than making this situation worse, what's the point of reducing security by changing from one secure cipher to a very insecure cipher?

any solution ?

@damianharouff

image

@tushar1977

ok i temporarily stopped it by enabling ufw and only allowing specific ports, and changed my postgres password
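
A defensive check for the two things this thread keeps returning to, container ports published on every interface and passwords left at their shipped values, as an added example that is not part of the original thread or the project's code. It parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and compares a local `.env` with the repository's committed copy; the container names, the sample values and the `RPC_PASSWORD` key are constructed for illustration.

```python
import re

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE_PS = (
    "example-postgres\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp\n"
    "example-tracker\t0.0.0.0:3000->3000/tcp\n"
    "example-node\t127.0.0.1:8332->8332/tcp, 8333/tcp\n"
)
# Constructed files: the committed .env (template) and the operator's local copy.
SAMPLE_TEMPLATE = "DATABASE_USERNAME=postgres\nDATABASE_PASSWORD=example-default\nRPC_PASSWORD=example-default\n"
SAMPLE_ENV = "DATABASE_USERNAME=postgres\nDATABASE_PASSWORD=example-default\nRPC_PASSWORD=constructed-Xk2-changed\n"

LOOPBACK = ("127.", "::1", "[::1]")
SECRET_HINT = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)

def exposed_ports(ps_output):
    """Return sorted (container, host_ip, host_port) published beyond loopback."""
    found = set()
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            # Published mappings look like "0.0.0.0:5432->5432/tcp"; an entry
            # without "->" (e.g. "8333/tcp") is not reachable from the host.
            m = re.match(r"\s*(.*):(\d+(?:-\d+)?)->", entry)
            if m and not m.group(1).startswith(LOOPBACK):
                found.add((name, m.group(1), m.group(2)))
    return sorted(found)

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            pairs[key.strip()] = value.strip().strip("\"'")
    return pairs

def unchanged_secrets(env_text, template_text):
    """Return secret-like keys that are empty or still equal to the template."""
    env, template = parse_env(env_text), parse_env(template_text)
    return sorted(k for k, v in env.items()
                  if SECRET_HINT.search(k) and (not v or template.get(k) == v))

if __name__ == "__main__":
    for name, ip, port in exposed_ports(SAMPLE_PS):
        print(f"published on all interfaces: {name} {ip}:{port}")
    for key in unchanged_secrets(SAMPLE_ENV, SAMPLE_TEMPLATE):
        print(f"still at shipped value: {key}")
```

Docker's documentation notes that published container ports bypass ufw rules, so binding the mapping to 127.0.0.1 in the compose file is the reliable way to keep a database port off the network.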

@opcatdev
Collaborator

opcatdev commented Oct 8, 2024

#134

@opcatdev opcatdev closed this as completed Oct 8, 2024