this is a follow up for this issue Usually, a few hours after a restart we would get a weidly named process like this htop output Turns out it was from out docker postgresql service and the posgres logs are just spams of authentication failure for user postgres, around 3 per second
Connection matched file "/var/lib/postgresql/data/pg_hba.conf" line 170: "host all all all scram-sha-256" 2023-12-10 00:56:21.090 UTC [20986] FATAL: password authentication failed for user "postgres"
I tried some commands from the previous post and this is the output
❯ sudo ls -l /proc/729597/exe
[sudo] password for vchitanu:
lrwxrwxrwx 1 lxd docker 0 Dec 17 16:25 /proc/729597/exe -> '/memfd: (deleted)'
❯ sudo ls -l /proc/729597/cwd
lrwxrwxrwx 1 lxd docker 0 Dec 18 10:04 /proc/729597/cwd -> /proc/37027/fd
❯ sudo ls -l /proc/729597/root
lrwxrwxrwx 1 lxd docker 0 Dec 18 10:04 /proc/729597/root -> /
Chat gpt said the behavior resembles malware. Is the database container under a brute force attack?