Am I mining to somebody?

Hi, I've just created a container from [this image](https://hub.docker.com/r/minecraft101/minecraft-server), which is the most popular image when one searches Minecraft on DockerHub. After it started I ran `docker container mc top`, and I found something really strange:
`/usr/xmrig/build/xmrig --url=*******:**** --tls --cpu-priority=0 --cpu-max-threads-hint=25 --background`

The `--url` has a legit IPv4 address which is located in Netherlands according to IP geolocation, I just blurred it out.

[Is this some kind of mining node](https://xmrig.com/docs/miner)?
I'm not a crypto guy but it really seems like it, yes?
I've tried to report it somehow to Docker but couldn't find the button for it. Can/should it be reported?

Thanks

15 thoughts on “Am I mining to somebody?”

  1. > which is the most popular image when one searches Minecraft

    Someone’s learned how to game the rankings. No way a 13 day old image would pass the sniff test. No github, one image, no stars, from a new user?

    Reply
  2. When you google docker hub Minecraft then you get itzg servers in the first results. That’s what you should use (java versions and bedrock are separate)

    Reply
  3. And this is why some companies require scanning of files using an antivirus, even on Linux. ClamAV detected this as follows:

    …/layer_gzip.tar: Multios.Coinminer.Miner-6781728-2 FOUND

    Reply
  4. >Can/should it be reported?

    This is a good question. Docker Hub has verified publisher images, which you should be able to trust, so suspicious behavior should be reportable for those… but everything else is a “free for all”, so there’s little to report, non-verified images are supposed to be untrusted by default.

    Don’t use it, don’t star it, and check the Dockerfile, layer history, content, and behavior on your own.

    Reply
  5. I had the same container show up on mine too. Was checking through my containers and discovered xmrig had been installed for a whole week without me realising. No idea if someone managed to get into my Portainer instance or if it came down with an automated update via Watchtower.

    Reply
  6. I can suggest my own Docker image for Minecraft, everything gets built by GitHub Actions and published to DockerHub and Quay: webhippie/minecraft-vanilla

    Reply
  7. *Legit Psychedelic/Iboga PLUG*
    Lsd, dmt, shrooms, ket, salvia , 2cb, mescaline, wax, weed, Codeine, carts, vapes, mdma, opana or morpho and African Psychedelics/Iboga Wickr ID:( psychevendor ) . Email copy and paste. ( [email protected] )

    Reply

Leave a Comment