My VPS have been infected by the kdevtmpfsi malware, twice. That's the problem, because I've taken every possible precaution after being infected for the first time, and I have no idea how I'm being infected again this time.
Both cases are because of the postgres docker container. After being infected first time,
- I'm using a 20-chars strongest
POSTGRES_PASSWORDto start the officialpostgresdocker image, - and I've removed the port mapping from docker container to the host.
The postgres can only be accessed by another docker container (not even by the host), using a docker network I created myself. Such docker container was started from cosmtrek/air, a Go based live building environment, and my Go web application is super simple, which doesn't even serve the / root.
The Go air docker container is the only one having its port mapping from docker container to the host, thus expose to the world.
Yet, the postgres docker container was infected again, under the condition that I deemed impossible.
Any hints please. thx.
PS. I'm going to start the official postgres docker image again as before, but no Go web this time, to prove the infection has nothing to do with my Go app. Let's see...
