In my case (Ubuntu server) it installed crypto-miner malware “kdevtmpfsi” and “kinsing”, which used the entire CPU.
There were lots of new users in Openfire, and the Security Audit Log showed this many times:
openfiresupport uploaded plugin plugin.jar
openfiresupport deleted plugin product
OpenfireSupport Successful admin console login attempt
I had to:
- stop the openfire service, delete that plugin from /var/lib/openfire/plugins
- delete all new users
- upgrade to openfire 4.7.5
Also get rid of that malware:
killall kdevtmpfsi*; killall kinsing*;
- delete files from /tmp directory
It seems clean since then.
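
A way to check for the audit-log pattern described in the post above, as an added example that is not part of the original post. It assumes the Security Audit Log entries have been reduced to "account summary" lines in the wording quoted in the post; the `KNOWN_ADMINS` allowlist, the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the admin accounts you created yourself (hypothetical allowlist).
KNOWN_ADMINS = {"admin"}

# Event summaries in the wording the post quotes from the Security Audit Log.
EVENT_PATTERNS = {
    "plugin_upload": re.compile(r"^(\S+) uploaded plugin (\S+)$", re.I),
    "plugin_delete": re.compile(r"^(\S+) deleted plugin (\S+)$", re.I),
    "console_login": re.compile(
        r"^(\S+) successful admin console login attempt$", re.I),
}

# Constructed sample input: three lines from the post plus two benign ones.
SAMPLE_LOG = """\
admin Successful admin console login attempt
openfiresupport uploaded plugin plugin.jar
openfiresupport deleted plugin product
OpenfireSupport Successful admin console login attempt
admin uploaded plugin monitoring.jar
"""


def find_unknown_admin_activity(log_text, known_admins=KNOWN_ADMINS):
    """Return {account: [(event, detail), ...]} for accounts not allowlisted.

    Account names are lowercased first, because the post shows the same
    account logged as both 'openfiresupport' and 'OpenfireSupport'.
    """
    known = {name.lower() for name in known_admins}
    findings = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        for event, pattern in EVENT_PATTERNS.items():
            match = pattern.match(line)
            if not match:
                continue
            account = match.group(1).lower()
            if account not in known:
                detail = match.group(2) if pattern.groups > 1 else ""
                findings[account].append((event, detail))
            break
    return dict(findings)


if __name__ == "__main__":
    for account, events in find_unknown_admin_activity(SAMPLE_LOG).items():
        print(f"unexpected admin account: {account}")
        for event, detail in events:
            print(f"  {event} {detail}".rstrip())
```

Any account it reports that you did not create is a reason to review the user list and the plugins directory mentioned in the post.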