1 Comment
Jan 23, 2022·edited Jan 23, 2022

Let me correct you a bit. The Kinsing malware, like me, tries to use SLAVEOF & MODULE LOAD on Redis 4+ to load a Redis module with a reverse shell, and after that starts its main Go program etc. Like you said, Kinsing uses CONFIG to change the directory (to a temp dir). But even if you disable CONFIG you are still vulnerable, because there's no need to change anything in your config (in most cases).

Tbh, I'm a bit surprised. What IP do you have? ^_^ Do you have the file "/shm"? Most likely your Redis system is pretty fresh or recently rebooted (or just low memory/one core), because I'm hooking and disabling the MODULE, CONFIG (if uid=0), etc. commands on the majority of Redis 4+ systems, which you probably have...

Btw, working at 100% CPU is awful for a miner; disrespect to Kinsing for that. Also, please don't completely trust htop.. for example, my "soft" will be paused or forked in this case / on pts allocation.

P.S. I'm trying to build a mining system with near-zero impact on host operations (of course, except for electrical costs :P), but it must be simple.

[my assumption here is that if I harm their work or feelings, it's much worse than wasting $2-3 a month and the environmental impact; as a bonus, no Kinsing anymore]

Any suggestions? :-D (I often don't have root for my lovely driver or for cgroups/systemd CPU limits)

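The comment above makes a point worth checking on your own hosts: renaming CONFIG away does nothing against the SLAVEOF + MODULE LOAD chain, because that chain only needs replication and module loading. The script below is an added example written for this page, not code from the commenter, from Kinsing, or from the blog author; it does not reproduce the attack (no module, no reverse shell), it only asks a Redis server which of the relevant commands it still answers to under their normal names. It does that with a single read-only `COMMAND INFO` request: Redis answers nil for any command that has been removed with `rename-command`, so a nil entry means "not reachable by that name". The two sample replies are constructed for the example, not captured from a real host, and the host name passed to `probe()` is whatever you point it at.

```python
import socket

# Commands the SLAVEOF + MODULE LOAD chain depends on. REPLICAOF is the
# Redis 5+ alias of SLAVEOF; DEBUG is another admin command worth renaming.
PROBED = ["CONFIG", "MODULE", "SLAVEOF", "REPLICAOF", "DEBUG"]


class RedisError(Exception):
    """An error reply (-ERR ...) from the server."""


def encode(args):
    """Encode a command as a RESP array of bulk strings."""
    out = b"*%d\r\n" % len(args)
    for arg in args:
        raw = arg.encode()
        out += b"$%d\r\n%s\r\n" % (len(raw), raw)
    return out


def decode(buf, pos=0):
    """Parse one RESP2 value at buf[pos]; return (value, next_pos).
    Raises IndexError/ValueError when the buffer is incomplete."""
    end = buf.index(b"\r\n", pos)
    kind, line = buf[pos:pos + 1], buf[pos + 1:end]
    pos = end + 2
    if kind == b"+":
        return line.decode(), pos
    if kind == b"-":
        return RedisError(line.decode()), pos
    if kind == b":":
        return int(line), pos
    if kind == b"$":
        n = int(line)
        if n < 0:
            return None, pos                      # null bulk string
        if len(buf) < pos + n + 2:
            raise IndexError("incomplete bulk string")
        return buf[pos:pos + n].decode(), pos + n + 2
    if kind == b"*":
        n = int(line)
        if n < 0:
            return None, pos                      # null array
        items = []
        for _ in range(n):
            item, pos = decode(buf, pos)
            items.append(item)
        return items, pos
    raise ValueError("unknown RESP type %r" % kind)


def exposed(reply, names=PROBED):
    """Map each probed name to whether the server still knows it under
    that name. COMMAND INFO answers nil for a command removed with
    rename-command, so nil means 'not reachable by its normal name'."""
    if reply is None or isinstance(reply, RedisError):
        return None  # COMMAND itself is disabled; nothing to conclude
    return {name: entry is not None for name, entry in zip(names, reply)}


def module_load_chain_open(status):
    """True if the replication + module-load chain is still reachable:
    MODULE plus either SLAVEOF or REPLICAOF. CONFIG is not required."""
    return bool(status) and status["MODULE"] and (status["SLAVEOF"] or status["REPLICAOF"])


def _read_reply(sock):
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed connection")
        buf += chunk
        try:
            return decode(buf)[0]
        except (IndexError, ValueError):
            if len(buf) > 1 << 20:
                raise


def probe(host, port=6379, password=None, timeout=3.0):
    """Ask a live server which of PROBED it still exposes. Read-only: it
    sends only AUTH and COMMAND INFO, never the dangerous commands."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if password:
            sock.sendall(encode(["AUTH", password]))
            if isinstance(_read_reply(sock), RedisError):
                raise RedisError("AUTH failed")
        sock.sendall(encode(["COMMAND", "INFO", *PROBED]))
        return exposed(_read_reply(sock))


# Constructed sample replies (not captured from a real host) to
# COMMAND INFO CONFIG MODULE SLAVEOF REPLICAOF DEBUG on a Redis 4 box where
# only CONFIG was renamed away (REPLICAOF does not exist on 4.x, hence nil)...
ONLY_CONFIG_DISABLED = (
    b"*5\r\n"
    b"*-1\r\n"
    b"*6\r\n$6\r\nmodule\r\n:-2\r\n*1\r\n+admin\r\n:0\r\n:0\r\n:0\r\n"
    b"*6\r\n$7\r\nslaveof\r\n:3\r\n*3\r\n+admin\r\n+noscript\r\n+stale\r\n:0\r\n:0\r\n:0\r\n"
    b"*-1\r\n"
    b"*6\r\n$5\r\ndebug\r\n:-2\r\n*1\r\n+admin\r\n:0\r\n:0\r\n:0\r\n"
)
# ...and one where all five were renamed away.
ALL_DISABLED = b"*5\r\n" + b"*-1\r\n" * 5

if __name__ == "__main__":
    for label, raw in (("CONFIG only", ONLY_CONFIG_DISABLED), ("all five", ALL_DISABLED)):
        status = exposed(decode(raw)[0])
        print(label, status, "chain open:", module_load_chain_open(status))
```

Run `probe("redis.internal")` (or with `password=`) against your own instances. If MODULE and SLAVEOF/REPLICAOF come back as exposed, the durable fix is in redis.conf: `rename-command MODULE ""`, `rename-command SLAVEOF ""`, `rename-command REPLICAOF ""` and `rename-command CONFIG ""` (or ACLs on Redis 6+), together with `requirepass`, `protected-mode yes` and a loopback or private `bind`. Note the caveat the check itself carries: if COMMAND has also been renamed, `exposed()` returns `None` rather than a false "all clear".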