Netgate Discussion Forum

    100 cpu usage /opt/yam

      Chris-tia-n

      Hello
      I have been using pfSense for a while now. When I logged in today, CPU usage was 100 and two identical processes/commands were taking it all, but I don't know what they are:
      /opt/yam -c 2 -m stratum+tcp://thevoid2….

      What is it and why is it using all of my CPU? I have searched here and Google and can't find that command.

      Thanks
      Screenshot_20170723-224446.png

        Derelict LAYER 8 Netgate

        Google says it looks like a bitcoin miner. It is certainly not something from a default install or legitimate package.

        Did you change the default password?

        Did you open up https webgui or ssh or any other firewall-hosted services to the Internet?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
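
As an added example (not part of the thread and not pfSense code), one way to spot a process like the one reported above from a shell on the firewall: scan `ps` output for stratum pool URLs in the argument list, or for CPU-heavy binaries started from directories a stock install is assumed not to execute from. The directory list, the CPU threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ps entries that look like a coin miner.
# Expected input mirrors `ps -axww -o pid,%cpu,command` (PID, %CPU, COMMAND).

# Directories a stock install is assumed not to run binaries from (tune locally).
SUSPECT_DIRS='^(/opt|/tmp|/var/tmp)/'
# CPU percentage above which an odd-path binary is reported (assumed threshold).
CPU_MIN=50

# Reads ps-style lines on stdin; prints "PID REASON COMMAND" for each hit.
find_miner_procs() {
    awk -v dirs="$SUSPECT_DIRS" -v cpu_min="$CPU_MIN" '
        NR == 1 && $1 == "PID" { next }      # skip the ps header row
        NF < 3 { next }                      # ignore malformed lines
        {
            pid = $1; cpu = $2 + 0; exe = $3
            cmd = $0                         # drop the PID and %CPU columns
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
            reason = ""
            # Mining pool protocol URL anywhere in the argument list.
            if (cmd ~ /stratum\+(tcp|ssl|tls):\/\//) reason = "stratum-url"
            # CPU-heavy executable started from an unexpected directory.
            else if (exe ~ dirs && cpu >= cpu_min) reason = "hot-binary-in-odd-path"
            if (reason != "") print pid, reason, cmd
        }'
}

# Constructed sample lines; the pool host is a placeholder, not from the thread.
sample_ps() {
    cat <<'EOF'
  PID %CPU COMMAND
  312  0.0 /usr/local/sbin/openvpn --config server.conf
  845  0.1 /usr/sbin/sshd
 4021 99.8 /opt/yam -c 2 -m stratum+tcp://pool.example.invalid:3333
 4022 99.5 /opt/yam -c 2 -m stratum+tcp://pool.example.invalid:3333
 5110 87.0 /tmp/.x/worker --quiet
EOF
}

sample_ps | find_miner_procs
# On a live system: ps -axww -o pid,%cpu,command | find_miner_procs
```

A hit only says where to look; a binary found this way means the box should be treated as compromised and reinstalled, not just cleaned of the one process.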

          Chris-tia-n

          I have standard firewall settings. Ssh is enabled but is it open from the outside by default? Yes I have changed the password. I am running openvpn as well.

          How is it possible for someone to get into the machine?

            ivor

            @Chris-tia-n:

            I have standard firewall settings. Ssh is enabled but is it open from the outside by default? Yes I have changed the password. I am running openvpn as well.

            How is it possible for someone to get into the machine?

            Not possible without seriously flawed configuration. Someone had to get access to your router and install the mining software.

            Need help fast? Our support is available 24/7 https://www.netgate.com/support/

              Chris-tia-n

              OK, so if I haven't changed anything in the default firewall settings it must be something else. I have pfSense installed on unraid. Maybe unraid has exposed something through the WAN port.

              Unraid is bridging the WAN port to pfSense. Is that a problem? Should it be passed through directly to be secure? pfSense is the only VM running on the server right now.

                ivor

                @Chris-tia-n:

                OK, so if I haven't changed anything in the default firewall settings it must be something else. I have pfSense installed on unraid. Maybe unraid has exposed something through the WAN port.

                Unraid is bridging the WAN port to pfSense. Is that a problem? Should it be passed through directly to be secure? pfSense is the only VM running on the server right now.

                It could be, however I would need more information about your network layout. How did you configure unraid and pfSense? If the host is compromised then all the virtual machines are in danger of being compromised as well.

                  Chris-tia-n

                  I did some tests. When I restart unraid, SSH and the web configurator are accessible from the internet.

                  Thank you for your help. I will buy an Ethernet card so I can pass it directly to pfSense and not through unraid.

                    Derelict LAYER 8 Netgate

                    Also choosing a stronger password is probably in order.

                    Use a password generator like Keychain Access, Lastpass, etc.

                      pfBasic Banned

                      Yeah, and key + pass auth for everything internet facing.

                      There was a thread not too long ago where a user's pfSense box was accessed via VPN with a weak password.

                      Use keys anywhere you can.
