Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    100 cpu usage /opt/yam

    General pfSense Questions
    4
    9
    551
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Chris-tia-n last edited by

      Hello
      I have been using pfsense for a hvile now when I logged in today cpu usage was 100 and to identical process/command were taking it all but I don't know what they are:
      /opt/yam -c 2 -m stratum+tcp://thevoid2….

      Was is it and why is it using all of my cpu. I have searched here and google and can't fint that command

      Thanks

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Google says it looks like a bitcoin miner. It is certainly not something from a default install or legitimate package.

        Did you change the default password?

        Did you open up https webgui or ssh or any other firewall-hosted services to the Internet?

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • C
          Chris-tia-n last edited by

          I have standard firewall settings. Ssh is enabled but is it open from the outside by default? Yes I have changed the password. I am running openvpn as well.

          How is it possible for someone to get into the machine?

          1 Reply Last reply Reply Quote 0
          • ivor
            ivor last edited by

            @Chris-tia-n:

            I have standard firewall settings. Ssh is enabled but is it open from the outside by default? Yes I have changed the password. I am running openvpn as well.

            How is it possible for someone to get into the machine?

            Not possible without seriously flawed configuration. Someone had to get access to your router and install the mining software.

            Need help fast? Our support is available 24/7 https://www.netgate.com/support/

            1 Reply Last reply Reply Quote 0
            • C
              Chris-tia-n last edited by

              Ok so if I haven't changed anything in the default firewall settings it must be something else. I have pfsense installed on unraid Maybe unraid have exposed Something through the wan port.

              Unraid is bridging the wan port to pfsense is that a problem? Should it be passed through directly to be secure? Pfsense is the only vm running on the server right now.

              1 Reply Last reply Reply Quote 0
              • ivor
                ivor last edited by

                @Chris-tia-n:

                Ok so if I haven't changed anything in the default firewall settings it must be something else. I have pfsense installed on unraid Maybe unraid have exposed Something through the wan port.

                Unraid is bridging the wan port to pfsense is that a problem? Should it be passed through directly to be secure? Pfsense is the only vm running on the server right now.

                It could be, however I would need more information about your network layout. How did you configure unraid and pfSense? If the host is compromised then all the virtual machines are in danger of being compromised as well.

                Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                1 Reply Last reply Reply Quote 0
                • C
                  Chris-tia-n last edited by

                  I did some test. When I restart unraid ssh and the web configurable is accessible from the internet.

                  Thank you for your help. I will buy a Ethernet card so I can pass it directly to pfsense and not through unraid.

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    Also choosing a stronger password is probably in order.

                    Use a password generator like Keychain Access, Lastpass, etc.

                    Chattanooga, Tennessee, USA
                    The pfSense Book is free of charge!
                    DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • P
                      pfBasic Banned last edited by

                      Yeah, and key + pass auth for everything internet facing.

                      There was a thread not too long ago where a users pfSense box was accessed via VPN with a weak password.

                      Use keys anywhere you can.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post