Hi, A bot is using a solr vulnerability to install a malware on linux servers: https://nvd.nist.gov/vuln/detail/CVE-2017-12629 In solr logs, you can see when the bot exploited this vulnerability: ``` sed -n -e '/-listener/,/INFO/ p' /var/solr/logs/solr.log* ``` This attack adds a file /var/solr/data/*/conf/configoverlay.json Here are some resources for those having been affected: https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798 https://github.com/blackrangersoftware/kill4watchbog/blob/master/kill4watchbog.sh **Please @apbassi89, @davidverholen, @steverobbins, @wigman, can you consider making your extension compatible with solr > 7.1?** Best Regards, A.L.
Hi,
A bot is using a solr vulnerability to install a malware on linux servers:
https://nvd.nist.gov/vuln/detail/CVE-2017-12629
In solr logs, you can see when the bot exploited this vulnerability:
This attack adds a file /var/solr/data/*/conf/configoverlay.json
Here are some resources for those having been affected:
https://www.alibabacloud.com/blog/return-of-watchbog-exploiting-jenkins-cve-2018-1000861_594798
https://github.com/blackrangersoftware/kill4watchbog/blob/master/kill4watchbog.sh
Please @apbassi89, @davidverholen, @steverobbins, @wigman, can you consider making your extension compatible with solr > 7.1?
Best Regards,
A.L.