This problem is spreading to other services running on this machine, we have been having this problem for a few months now and don’t know where this is coming from. None of us are doing updates on this machine, even if we kill the process it comes back after about 30 minutes.
I read the post of another user who had also described this problem, it may be that this process is a miner. can someone help us understand this problem and where this process comes from?
We using GitLab Community Edition 14.4.2 on Ubuntu 18.04.6 LTS
Gitlab doesn’t include Java. Since this is running as the git user, means this is a compromised installation of Gitlab - running a cryptominer that is pretending to be a java process.
You will have to check crontab, cron jobs in /etc/cron.d or user cronjobs as git or other users on the system since this is most likely why it’s running again after 30 minutes.
Upgrade your gitlab, maybe even think about making a backup and restoring to a new server. Unless you can find the way the process is being launched, be it cron or something else. Either way, a compromised server, should really be destroyed. Restoring to a new server will at least ensure it’s clean, but you still need to upgrade Gitlab regularly to ensure you are not vulnerable. 14.4.2 is old.
You will need to follow the upgrade path since your version is old, if you attempt to upgrade directly to the latest available, you will break your Gitlab installation.
