[dawnerd]

I see this a lot with redis in docker compose as well. I've even done it by mistake.

Also why the heck doesn't redis have auth by default. It's so ridiculously easy to get "hacked" and inadvertently run a crypto miner.

[WJW]

Can you run a crypto miner as a lua script in Redis? That is actually kinda cool tbh. You'd notice pretty quickly since Redis won't respond anymore.

[dawnerd]

Little more complex than that. They issue a command that ends up downloading a bunch of shell scripts and goes from there. Does a lot of other nasty things too like trying to steal any ssh key on the machine to presumably use those machines to mine.

Luckily running inside of docker prevents a lot of that by default.

It is very noticeable though when you log into your dev server and the cpu is pegged at 100%.

I copied some of what it did here: https://gist.github.com/dawnerd/50915749d05d865025b447d5941f...