1

I have noticed this command running "sustes" and I'm having a hard time finding information about it.

It seems to be a mining hack using servers to mine cryptocurrencies.

wc.conf in the /var/tmp directory (and this conf references cryptonight algo and pools of IPs for mining)

Has anyone else had this issue and if so what is the best way to remove and stop this hack?

1 Answer

2

This was a remote hack taking advantage of a vulnerability in Solr. To fix this, upgrade your Solr to a newer patched version.
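A triage check for the two indicators named in the question (a process named sustes, and a config file under /var/tmp that mentions cryptonight and pool addresses), as an added example that is not part of the original posts. It matches plain strings only, because the page does not show the layout of wc.conf; the function names and the IPv4 pattern are assumptions.

```python
import os
import re

MINER_NAME = "sustes"                        # process name reported in the question
ALGO_RE = re.compile(rb"cryptonight", re.I)  # algorithm string the question saw in wc.conf
# Assumption: pool entries appear as IPv4 addresses, optionally followed by :port.
ENDPOINT_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{2,5})?\b")

def scan_configs(directory="/var/tmp", max_bytes=1 << 20):
    """Return {path: [endpoints]} for regular files that mention cryptonight."""
    hits = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue                         # skip symlinks, directories, devices
        try:
            with open(path, "rb") as fh:
                data = fh.read(max_bytes)    # cap the read so huge files cannot stall triage
        except OSError:
            continue                         # unreadable file: needs a privileged re-run
        if ALGO_RE.search(data):
            hits[path] = sorted({m.decode() for m in ENDPOINT_RE.findall(data)})
    return hits

def scan_processes(proc_root="/proc", suspect_dir="/var/tmp"):
    """Return [(pid, comm, exe)] for processes named sustes or executing from suspect_dir."""
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm"), errors="replace") as fh:
                comm = fh.read().strip()
        except OSError:
            continue                         # process exited while we were scanning
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""                         # kernel thread, or not permitted to read the link
        if comm == MINER_NAME or exe.startswith(suspect_dir + "/"):
            found.append((int(pid), comm, exe))
    return sorted(found)

if __name__ == "__main__":
    for pid, comm, exe in scan_processes():
        print(f"process pid={pid} comm={comm} exe={exe}")
    for path, endpoints in scan_configs().items():
        print(f"config {path} endpoints={endpoints}")
```

Run it as root so every process's exe link is readable; a binary that was deleted after launch still matches, because the kernel keeps the original path in the link with " (deleted)" appended.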