Gitlab , git juma

Hello guys,

I am running GCE 12.8.2 and it ran smoothly until few days back.
Currently, I am experiencing, slow performance when I browse on gitlab.webagentur-bb.com
then if I check the top processes on, user git with command “juma” runs constantly and it process cant be killed normally, it takes a 50% -100 % CPU and RAM resources. I tried to do an upgrade but it fails.
My SSH keys are not anymore valid, not sure why. Its really strange. Did any had exp. with something like this?
I attached my current processes that are running.
Please help, Thanks

See my post here. Sounds like your gitlab has been compromised due to a vulnerability. You need to upgrade to latest following upgrade path and also disable that process running as git.

1 Like

Thank you very much.

hey @danijel
were you able to remove the juma process and is the gitlab working fine now?
If so, can you like help me out?
Maybe you can tell the steps you followed?

hello hari,

with this command you can locate where is the file located,
10223 is PID

ls -l /proc/10223/exe

after I deleted it from tmp folder, I still had some processes running as git user, so I track them all and removed and made some permission changes
after that I upgraded to 12.10.14 works fine now

apt install gitlab-ce=12.10.14-ce.0

hi
i have the same problem
i am trying to kill juma, but it restarts again.
after i tied to find where it is located, but it was already deleted from /tmp forlder. so i am stuck.
And what permission did you change?

Hi,

u can create new file and change permission on that file so that only root can access it, so with it won’t be able to replace it.

I had to upgrade it to the version 13.12.10 . There is a specific upgrade path that u must follow. BTW best to back up manually before u proceed bcs automatic backup didn’t work for me, so I skipped.