Abuse report from AWS, /vendor/spatie?
-
I checked crontab, and nothing except the CRM and a certbot. Well, this will remain unknown, for now.
-
Or something else is making requests. You see ChildRuntime.php because it's doing its job – running multiple jobs.
-
Hi,
This library is utilized to execute jobs in parallel processes. It's unlikely to contain a trojan. Spatie is quite a reputable vendor. It could be that your instance is making these requests using cron somehow.
-
What is this composer package doing? Do we need it for the CRM?
vendor/spatie/async/src/Runtime/ChildRuntime.php
Do you think this package could be the main trojan?
-
Abuse report from AWS, /vendor/spatie?
Hey guys, just got a message from AWS,
The following of your IPs are taking part in Layer 7 DDoS against us and creating thousands of requests, mostly between 20:10 and 21:30 today (13 April 2023).
2023-04-13 20:22:06.000 n095177 haproxy[30305]: 34.219.156.153:59648 [13/Apr/2023:20:18:24.023] genfrontend_24010-bmzin_prod_www~ genfrontend_24010-bmzin_prod_www/<NOSRV> 222498/-1/-1/-1/222498 403 192 - - PR-- 149478/145473/0/0/0 0/0 {www.ukraine-wiederaufbauen.de|Mozilla/5.0 (Linux; Android 10; LM-Q710(FGN)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.79 Mobile Safari/537.36|https://www.ukraine-wiederaufbauen.de/|221.101.98.41|||d2800626d3336a5322c2041f32b807cc| |id-ecPublicKey} OPTIONS https://www.ukraine-wiederaufbauen.de/ HTTP/2.0
This machine is a backup of the CRM that was active for completely other purposes. I logged in and it shows it had these connections and this process running. This server has an ESPO-CRM only (apache/php/mariadb).
I moved it to a "quarantine", but now I have to figure out what actually happened, any advice?
2 Photos
Last edited by Russ; 04-15-2023, 07:02 PM.
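
For working out what on the quarantined host made the reported requests, the haproxy line in the report gives a source port and a time window to search local records for. The following is an added example, not part of the original thread: it assumes the line follows haproxy's standard HTTP log layout, uses a constructed sample line, and the local record tuples are a hypothetical format.

```python
import re
from datetime import datetime, timedelta

# Constructed line in the same layout as the one quoted in the report
# (documentation address and hostname, not the values from the thread).
SAMPLE = (
    "2023-04-13 20:22:06.000 lb01 haproxy[1234]: 203.0.113.7:59648 "
    "[13/Apr/2023:20:18:24.023] fe_www~ fe_www/<NOSRV> "
    "222498/-1/-1/-1/222498 403 192 - - PR-- 10/9/0/0/0 0/0 "
    "{www.example.org|ExampleAgent/1.0} OPTIONS https://www.example.org/ HTTP/2.0"
)

LINE_RE = re.compile(
    r"haproxy\[\d+\]: (?P<src_ip>[0-9a-fA-F.:]+):(?P<src_port>\d+) "
    r"\[(?P<accept>[^\]]+)\] \S+ [^/\s]+/\S+ "
    r"(?P<timers>-?\d+(?:/-?\d+){4}) (?P<status>-?\d+) \d+ "
    r"\S+ \S+ (?P<term>\S{4}) \S+ \S+ "
    r'(?:\{(?P<hdrs>[^}]*)\} )?"?(?P<method>[A-Z]+) (?P<url>\S+)'
)

def correlation_keys(line, slack_s=5):
    """Extract what to look for in the reported host's own logs."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not a haproxy HTTP-format log line")
    # Accept time as logged by the reporter; its timezone is not in the line.
    accept = datetime.strptime(m["accept"], "%d/%b/%Y:%H:%M:%S.%f")
    total_ms = max(int(m["timers"].split("/")[-1]), 0)  # last timer = total
    slack = timedelta(seconds=slack_s)
    return {
        "src_ip": m["src_ip"],
        "src_port": int(m["src_port"]),
        "window": (accept - slack, accept + timedelta(milliseconds=total_ms) + slack),
        "held_open_s": total_ms / 1000,
        # Termination state: P = ended by the proxy, R = while awaiting the request
        "blocked_by_proxy": m["term"].startswith("PR"),
        "status": int(m["status"]),
        "method": m["method"],
        "host_header": (m["hdrs"] or "").split("|")[0] or None,
    }

def match_local(keys, records):
    """Filter (time, local_port, process) tuples, a hypothetical layout for
    whatever connection logging the host has. Assumes no port-rewriting NAT."""
    lo, hi = keys["window"]
    return [r for r in records if r[1] == keys["src_port"] and lo <= r[0] <= hi]

if __name__ == "__main__":
    print(correlation_keys(SAMPLE))
```

The accept time plus the last timer lands on the reporter's own syslog timestamp, which is a quick check that the fields were read correctly before the window is used against local records.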