If you have not upgraded to LUNA 18.104.22.168+ then you should apply this patch.
We discovered a vulnerability that should be patched as soon as possible. This patch works for all LUNA 7 instances.
There have been a couple of reports that indicated a server was used to do crypto mining. Specifically a program called xmrig has been found running on these servers. They seem to place a folder called c3pool in the users home directory and run the program from this location. The user seems to need sudo privileges for this to work. A vulnerability in a software framework Apache Shiro was exploited to affect these servers. You just need to update the Apache Shiro jar files to block this vulnerability.
- Delete the old shiro jars from the following locations ~/LunaImaging/7.x/LUNA/tomcat/luna_apps/
- Add: shiro-all-1.2.6.jar to each of the above lib folders
You can download the file here https://shiro.apache.org/download.html#1.2.xBinary
This direct link might work as well https://repo1.maven.org/maven2/org/apache/shiro/shiro-all/1.2.6/shiro-all-1.2.6.jar
3. Restart LUNA's tomcat