Malware detected with Hostinger
I was a little surprised that several people came to tell me they have malware on their VPS server.
Don't worry, I have the explanation.
After checking (see below):
There is indeed a container with xmrig.nix, which is used to mine Monero.
However, it is not active, but Hostinger reports it anyway.
It is in the config file of NixOS, which is a package management system.
✨ In summary:
xmrig.nix: present in the NixOS modules ✅
Service active: very probably not ❌
Real risk: none as long as it is not enabled 💡
So you're in the clear. No cryptojacking here, just a module available in the NixOS ecosystem, like an ingredient that isn't used in the recipe.
------------------------------------------------------------------------------------------------------------------------------------------------------------------
root@srv745000:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3a5d03d4dc2 traefik:v3.1 "/entrypoint.sh --pi…" 29 hours ago Up 29 hours (healthy) 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 0.0.0.0:443->443/udp, :::443->443/udp coolify-proxy
50259710ca99 supabase/storage-api:v1.14.6 "docker-entrypoint.s…" 29 hours ago Up 29 hours (healthy) 5000/tcp supabase-storage-sc0g4gss440wswc88so4oskc
e2db205caa9b postgrest/postgrest:v12.2.0 "postgrest" 29 hours ago Up 29 hours 3000/tcp supabase-rest-sc0g4gss440wswc88so4oskc
07221a766e5f supabase/realtime:v2.33.70 "/usr/bin/tini -s -g…" 29 hours ago Up 29 hours (healthy) realtime-dev-sc0g4gss440wswc88so4oskc
f266665e1cb5 kong:2.8.1 "bash -c 'eval \"echo…" 29 hours ago Up 29 hours (healthy) 8000-8001/tcp, 8443-8444/tcp supabase-kong-sc0g4gss440wswc88so4oskc
5997e8deb1ce supabase/edge-runtime:v1.65.3 "edge-runtime start …" 29 hours ago Up 29 hours (healthy) supabase-edge-functions-sc0g4gss440wswc88so4oskc
20842f1d83dd supabase/gotrue:v2.164.0 "auth" 29 hours ago Up 29 hours (healthy) supabase-auth-sc0g4gss440wswc88so4oskc
43b3682cc03b supabase/studio:20241202-71e5240 "docker-entrypoint.s…" 29 hours ago Up 29 hours (healthy) 3000/tcp supabase-studio-sc0g4gss440wswc88so4oskc
761c9a63ac9c supabase/postgres-meta:v0.84.2 "docker-entrypoint.s…" 29 hours ago Up 29 hours (healthy) 8080/tcp supabase-meta-sc0g4gss440wswc88so4oskc
70a0eade7067 supabase/supavisor:1.1.56 "/usr/bin/tini -s -g…" 29 hours ago Up 29 hours (healthy) supabase-supavisor-sc0g4gss440wswc88so4oskc
07cdeac34d17 supabase/logflare:1.4.0 "sh run.sh" 29 hours ago Up 29 hours (healthy) supabase-analytics-sc0g4gss440wswc88so4oskc
0aaa8541b6ad supabase/postgres:15.6.1.146 "docker-entrypoint.s…" 29 hours ago Up 29 hours (healthy) 5432/tcp supabase-db-sc0g4gss440wswc88so4oskc
9e39e6156e72 timberio/vector:0.28.1-alpine "/usr/local/bin/vect…" 29 hours ago Up 29 hours (healthy) supabase-vector-sc0g4gss440wswc88so4oskc
1fa55a186dad darthsim/imgproxy:v3.8.0 "imgproxy" 29 hours ago Up 29 hours (healthy) 8080/tcp imgproxy-sc0g4gss440wswc88so4oskc
be82e32b18d4 minio/minio "/usr/bin/docker-ent…" 29 hours ago Up 29 hours (healthy) 9000/tcp supabase-minio-sc0g4gss440wswc88so4oskc
40de43c05163 nginx:stable-alpine "/docker-entrypoint.…" 29 hours ago Up 3 seconds (health: starting) 80/tcp, 0.0.0.0:54322->54322/tcp, :::54322->54322/tcp sc0g4gss440wswc88so4oskc-proxy
3401ae90211d docker.n8n.io/n8nio/n8n:latest "tini -- /docker-ent…" 2 days ago Up 32 seconds (health: starting) 5678/tcp n8n-p0oocc0kcogo0448sgo8wc84
fa193b82bca6 redis:7.2 "docker-entrypoint.s…" 2 days ago Up 2 days (healthy) 6379/tcp s40gsoww4ko40kc0c0k8ss8w
72a8736e00fe docker.n8n.io/n8nio/n8n "tini -- /docker-ent…" 6 days ago Up 6 days (healthy) 5678/tcp n8n-uwwgk4ocs8cog0gcw888k80g
5d32b0d66a30 wordpress:latest "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 80/tcp wordpress-i0ocokgwwg8gg8c84cgw0ggw
8644c80715aa mysql:8 "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 3306/tcp, 33060/tcp mysql-i0ocokgwwg8gg8c84cgw0ggw
ae80f8a63210 wordpress:latest "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 80/tcp wordpress-x4w48kc8ccs4s8o4kscoo484
06a511622d4b mysql:8 "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 3306/tcp, 33060/tcp mysql-x4w48kc8ccs4s8o4kscoo484
63a4dbbc9b63 jc84s8wk4k0csk0k04804ggs:34cc49209a6d491db296a21b10d5bc84013a607b "/docker-entrypoint.…" 2 weeks ago Up 2 weeks 80/tcp jc84s8wk4k0csk0k04804ggs-172209905303
a35c635d78c6 budibase/proxy "/docker-entrypoint.…" 2 weeks ago Up 2 weeks (healthy) 80/tcp proxy-service-w0s08cg4c4g4og8o08oow4gw
ab41e3e89f5c a0db1a571bb0 "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 4001/tcp app-service-w0s08cg4c4g4og8o08oow4gw
d2136f767c2d 9cb7e4e59173 "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 4001/tcp worker-service-w0s08cg4c4g4og8o08oow4gw
0129796f4a7a budibase/couchdb "tini -- /docker-ent…" 2 weeks ago Up 2 weeks (healthy) 4369/tcp, 4984/tcp, 5984/tcp, 9100/tcp couchdb-service-w0s08cg4c4g4og8o08oow4gw
596fc2523bdb 43724892d6db "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 6379/tcp redis-service-w0s08cg4c4g4og8o08oow4gw
2816defa7aa9 377fe6127f60 "/usr/bin/docker-ent…" 2 weeks ago Up 2 weeks (healthy) 9000/tcp minio-service-w0s08cg4c4g4og8o08oow4gw
8646fc1ee809 9a2bf4acdf04 "/docker-entrypoint.…" 2 weeks ago Exited (1) 2 weeks ago aks44884wg4o4cgcksssk4co-proxy
a67157aa8a16 ghcr.io/coollabsio/coolify:4.0.0-beta.397 "docker-php-serversi…" 2 weeks ago Up 2 weeks (healthy) 8000/tcp, 8443/tcp, 9000/tcp, 0.0.0.0:8000->8080/tcp, :::8000->8080/tcp coolify
90babcd864bf ghcr.io/coollabsio/coolify-realtime:1.0.6 "/bin/sh /soketi-ent…" 2 weeks ago Up 2 weeks (healthy) 0.0.0.0:6001-6002->6001-6002/tcp, :::6001-6002->6001-6002/tcp coolify-realtime
beb3657f28cf 8f5c54441eb9 "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 6379/tcp coolify-redis
bb6b65123278 postgres:15-alpine "docker-entrypoint.s…" 2 weeks ago Up 2 weeks (healthy) 5432/tcp coolify-db
root@srv745000:~# docker images | grep -i xmrig
root@srv745000:~# ps aux | grep -i xmrig
root 3267141 0.0 0.0 6944 2304 pts/0 S+ 16:21 0:00 grep --color=auto -i xmrig
root@srv745000:~# find / -type f -iname "*xmrig*" 2>/dev/null
/var/lib/docker/overlay2/9ad52639881e88983e2e984c9eacc8f103eec516a752fa6cd26ab2f1a95d42d0/diff/nix/store/0jcxirm8wdmqrdqs7ay71qj2yc4ky9zq-source/nixos/modules/services/misc/xmrig.nix
/var/lib/docker/overlay2/9ad52639881e88983e2e984c9eacc8f103eec516a752fa6cd26ab2f1a95d42d0/diff/nix/store/.links/06db4afl3pag5bp7icynaxmrigksxyxhl64pjsfjagmrcsi57v2f
/var/lib/docker/overlay2/f51ddb0b942b63c83cb16c82fa23b2bf78623f8906cb080a7c6b4a2bd4c589b5/merged/nix/store/.links/06db4afl3pag5bp7icynaxmrigksxyxhl64pjsfjagmrcsi57v2f
/var/lib/docker/overlay2/f51ddb0b942b63c83cb16c82fa23b2bf78623f8906cb080a7c6b4a2bd4c589b5/merged/nix/store/0jcxirm8wdmqrdqs7ay71qj2yc4ky9zq-source/nixos/modules/services/misc/xmrig.nix
root@srv745000:~# grep -Ri "xmrig" /etc/nixos/
grep: /etc/nixos/: No such file or directory
root@srv745000:~#
Christopher Debessel
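An added example, not part of the original post: a shell helper that sorts the hits of the `find / -iname "*xmrig*"` search above into the kinds seen in that output (a NixOS module source file, a hash-named entry under `/nix/store/.links`) versus files that can actually run. The function and category names and the sample paths are constructed for this example; the `.links` reading assumes the hit is a content-hash file name that happens to contain the string.

```shell
#!/usr/bin/env bash
# Added example: triage name-based "xmrig" hits. Category names are constructed.

# True if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
  [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# Print one category for a path that matched the name search.
classify_hit() {
  case "$1" in
    */nix/store/.links/*)
      # Hash-named hard link; "xmrig" can occur by chance inside the hash.
      echo "nix-store-link" ;;
    */nixos/modules/*.nix)
      # Text definition of an optional service in the nixpkgs source tree.
      echo "nix-module-source" ;;
    *)
      if is_elf "$1"; then echo "elf-binary"
      elif [ -x "$1" ]; then echo "executable-script"
      else echo "other-file"; fi ;;
  esac
}

# Extract the overlay2 layer directory name, to compare with the output of
# docker inspect --format '{{.GraphDriver.Data.MergedDir}}' <container>
overlay_layer() {
  case "$1" in
    */overlay2/*) rest="${1#*/overlay2/}"; echo "${rest%%/*}" ;;
    *) echo "-" ;;
  esac
}

# Read paths on stdin, print "category<TAB>layer<TAB>path".
triage() {
  while IFS= read -r hit; do
    printf '%s\t%s\t%s\n' "$(classify_hit "$hit")" "$(overlay_layer "$hit")" "$hit"
  done
}

# Constructed sample paths, shaped like the hits in the post (ids shortened).
printf '%s\n' \
  "/var/lib/docker/overlay2/LAYER1/diff/nix/store/SRC-source/nixos/modules/services/misc/xmrig.nix" \
  "/var/lib/docker/overlay2/LAYER1/diff/nix/store/.links/06dbicynaxmrigksxy" |
  triage
# Real use: find / -type f -iname '*xmrig*' 2>/dev/null | triage
```

Only `elf-binary` and `executable-script` rows point at something that could run; the layer column tells you which container's filesystem to look at next.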