today,I find a Mining procedure on my computer, the path show the /scope

[youyouvi]

What you expected to happen?

What happened?

How to reproduce it?

Anything else we need to know?

Versions:

$ scope version
$ docker version
$ uname -a
$ kubectl version

Logs:

$ docker logs weavescope

or, if using Kubernetes:

$ kubectl logs <weave-scope-pod> -n <namespace> 

[bboreham]

Can you give more detail? That’s not really enough information to do anything with.

Those bits at the end, like version and logs, you are supposed to run the command and paste the output here.

Use the address security@weave.works if it is confidential or you are reporting a vulnerability.

[youyouvi]

This morning, I found the mining program on the server I managed, disguised as a MySQL user. So I used the "ls/proc/pid/cwd" instruction and found that the path pointed to / scope. So I executed rm-rf/usr/local/bin/scope and rm-rf/run/scope. Weave is installed according to the instructions on GitHub。 Sorry，my english is poor

…

------------------ 原始邮件 ------------------ 发件人: "Bryan Boreham"<notifications@github.com>; 发送时间: 2019年5月27日(星期一) 下午3:29 收件人: "weaveworks/scope"<scope@noreply.github.com>; 抄送: "yo.vi"<yo.vi@foxmail.com>;"Author"<author@noreply.github.com>; 主题: Re: [weaveworks/scope] today,I find a Mining procedure on mycomputer, the path show the /scope (#3624) Can you give more detail? That’s not really enough information to do anything with. Those bits at the end, like version and logs, you are supposed to run the command and paste the output here. Use the address security@weave.works if it is confidential or you are reporting a vulnerability. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[bboreham]

Is your server open to the Internet? In the installation instructions we warn " the Scope app endpoint (port 4040) should not be made accessible on the Internet"

[youyouvi]

Yes, my server open to the Internet

…

---Original--- From: "Bryan Boreham"<notifications@github.com> Date: Tue, Jul 9, 2019 19:03 PM To: "weaveworks/scope"<scope@noreply.github.com>; Cc: "Author"<author@noreply.github.com>;"yovi"<yo.vi@foxmail.com>; Subject: Re: [weaveworks/scope] today,I find a Mining procedure on my computer, the path show the /scope (#3624) Is your server open to the Internet? In the installation instructions we warn " the Scope app endpoint (port 4040) should not be made accessible on the Internet" — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[bboreham]

OK, suggest you use a firewall to block port 4040 from public access (indeed, block all ports you don't explicitly need to open).
We do try to warn about this in the installation instructions - I've created #3650 to cover another place where users might arrive first.