HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   CPU usage (http://www.howtoforge.com/forums/showthread.php?t=57721)

skoena 24th June 2012 15:36

CPU usage
 
I have a huge cpu usage on PERL? What could be causing this?

Quote:

13799 www-data 20 0 4720 2408 980 R 99 0.1 3958:33 perl

till 24th June 2012 17:44

Its a perl script running in one of your websites.

skoena 26th June 2012 13:51

Is there a way to find out which script is causing this?

skoena 4th July 2012 21:15

klogd -x is eating my CPU.
What can I do about it?

Quote:

32131 www-data 20 0 4720 2336 912 R 101 0.1 93:06.68 klogd -x

till 5th July 2012 10:28

Try to find the program file with the find command, I guess it must be somwhere in /var/www or /tmp (not in /usr or other system directories). This is most likely a hcked or trojan script that uses the name of a common Linux application (klogd) to hide itself. But the real klogd would never run as www-data, so this fake program must be somewhere in one of your sites or in the tmp folder.

skoena 5th July 2012 13:40

Till,
Tnx when the CPU is high again will try fo FIND it. (with "FIND KLOGD" right?)

Btw when I reboot the server the high usage and the klogd is stopped.

till 5th July 2012 18:40

Linux is case sensitive, so the find command as well as the name of the application have to be in lowercase. See:

man find

for all options of the find command.

skoena 18th July 2012 07:51

Tried to find klogd but
"find: `klogd': No such file or directory"

This issue is not always running, 1 per 2 weeks this issue is there.

cfoe 18th July 2012 11:20

Quote:

Originally Posted by skoena (Post 282266)
Tried to find klogd but
"find: `klogd': No such file or directory"

This issue is not always running, 1 per 2 weeks this issue is there.

if it is malware then there is some kind of vulnerability to let it get uploaded and started. When you restart the process is not run on startup but the vulnerability is still there. It might be exploited again when the "hacker" realizes it is not running anymore.

skoena 18th July 2012 11:27

Tnx.
Any tips for locating the script that is causing this?
Because "find klogd" is not working.


All times are GMT +2. The time now is 00:27.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.