On Fri, Jul 11, 2025 at 11:13 AM Edmundo Robles <edmu...@sw-argos.com> wrote:
> Hi
>
> I have (PostgreSQL) 13.16 (Debian 13.16-0+deb11u1)
> While monitoring active queries, I came across the following:
>
> `DROP TABLE IF EXISTS _145e289026a0a2a62de07e49c06d9965; CREATE TABLE
> _145e289026a0a2a62de07e49c06d9965(cmd_output text); COPY
> _145e289026a0a2a62de07e49c06d9965 FROM PROGRAM 'BASE64 string'`
>
> The 'BASE64 string' appears to be a shell script that creates hidden
> directories, `.xdiag` and `.xperf`, in `/tmp`.
>
> Could you please help me locate and clean these? I apologize if this is
> not the appropriate contact for this issue.
>

This looks like a hack. Something or someone has the ability to run arbitrary SQL. Shut the server down and start taking steps to secure it. Is this server behind a firewall?
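
Added example, not part of the original thread: read-only catalog queries for triaging the activity described above, written for PostgreSQL 13. They show which roles are able to run COPY ... FROM PROGRAM (superusers and members of pg_execute_server_program), which sessions are doing so now, and whether staging tables like the one in the post remain. Assumptions: you connect as a superuser or a pg_read_all_stats member, and the table-name pattern ("_" plus 32 hex characters) is generalized from the single name quoted in the post.

```sql
-- Added example: read-only triage queries, nothing here modifies the server.

-- 1. Roles that can run COPY ... FROM PROGRAM: superusers, plus direct or
--    inherited members of the built-in role pg_execute_server_program.
SELECT r.rolname, r.rolsuper, r.rolcanlogin
FROM pg_roles AS r
WHERE r.rolname <> 'pg_execute_server_program'
  AND (r.rolsuper
       OR pg_has_role(r.oid, 'pg_execute_server_program'::name, 'MEMBER'))
ORDER BY r.rolname;

-- 2. Sessions whose current or most recent statement uses COPY ... PROGRAM.
--    client_addr and usename identify which login the statements arrive on.
SELECT pid, usename, datname, client_addr, application_name,
       backend_start, query_start, state,
       left(query, 200) AS query_head
FROM pg_stat_activity
WHERE query ~* 'copy\s.*\sprogram\s'
  AND pid <> pg_backend_pid();

-- 3. Leftover staging tables shaped like the one in the post: a name of "_"
--    followed by 32 hex characters (assumed pattern) and a cmd_output column.
--    pg_class is per database, so repeat this in every database.
SELECT n.nspname, c.relname, pg_get_userbyid(c.relowner) AS owner
FROM pg_class AS c
JOIN pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND c.relname ~ '^_[0-9a-f]{32}$'
  AND EXISTS (SELECT 1
              FROM pg_attribute AS a
              WHERE a.attrelid = c.oid
                AND a.attnum > 0
                AND NOT a.attisdropped
                AND a.attname = 'cmd_output');
```

Any login role returned by query 1 that an application or remote client uses is a candidate for how the statements were issued; rotate its credentials and remove the superuser attribute where it is not required.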