Hi,
(Sorry for my english ;))
My CPU is always 100% without any activity... what's wrong please ?...
What kind of informations can I give you to help me ?
Thanks,
Yeum, when I stop elasticsearch, my CPU is always at 100... why user elasticsearch execute ./sysupdate et ./networkservice ?....
When I kill all this kind of processus, elasticsearch works fine.... but they come back few minutes later... even when elasticsearch is stopped...
Which ES version have you been running? This looks like a known exploit on a very old ES version (see https://nvd.nist.gov/vuln/detail/CVE-2015-1427 and google for "elasticsearch sysupdate"
Arf.. i've just found why... you're right... 1.7 (no choice... because of dependencies) and my firewall was disable.... I kill all process, active my firewall... but it still continue... what can I do.. please don't tell me reinstall 
....
Given that your system's been hacked, a clean install would be the only wise choice here. Can you share more details about the system that you've been running? You say it was 1.7? Which plugins are installed?
I know but I actually can't... I have found the script and understand it... and follow this recommandation http://www.hetianlab.com/html/news/news-2019070201.html, maybe it's enough... I don't know...
Debian 9, no plugin I guess
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.