| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Rajesh Kumar <rajeshkumar(dot)dba09(at)gmail(dot)com> |
| Cc: | Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Error |
| Date: | 2023-11-05 16:54:12 |
| Message-ID: | CAMkU=1zEyXDhb5k8=WKZ94iCs_7CGejL_GfJ=PwCAJeE2E0+DA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Sun, Nov 5, 2023 at 10:00 AM Rajesh Kumar <rajeshkumar(dot)dba09(at)gmail(dot)com>
wrote:
> Hi all,
>
> I am receiving the following error in postgres log:
>
> FATAL,57P01,"terminating connection due to administrator command"...
>
Surely there is more stuff in the log file than that. Maybe you could
expand the scope of what you quote. And include timestamps.
> How to resolve this?
>
>
There has recently been a spate of hacking attacks where the hackers
shutdown the server after starting up their payload. I'm not sure why, as
that will surely draw attention to themselves. Maybe it is to keep out
competing gangs of hackers, or maybe their payoff is now extortion (rather
than cryptomining which was very popular in the past) and so they want to
draw attention to themselves (although evidently they would be failing at
it, as you don't seem to know about their attempt yet, just its effect on
uptime). Look for new tables containing ransom notices as their contents.
Anyway, make sure you aren't being sloppy about security. Change your
passwords, especially for PostgreSQL superuser accounts, make those new
passwords actually be good ones. Better yet, also prohibit non-local
superuser connections in the first place.
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2023-11-05 21:34:21 | Re: Not able to connect specific database |
| Previous Message | Tom Lane | 2023-11-05 16:19:25 | Re: Error |