Results 1 to 5 of 5
  1. #1
    Join Date
    Jul 2009
    Location
    Orlando, Florida
    Posts
    38

    High CPU consumption

    grep -r -i -l --include=*.php str_rot13(pack("H\*", "667265707267"))\|str_rot13(pack("H\*", "6775766676667667"))\|include(getcwd().\|pathOnMyHost\|default_action = .*FilesMan.*\|(isset(.*_REQUEST\[.*FILE.*\])){.*_F
    26513 admin 20 0 6884 1252 680 D 9.0 0.0 0:02.73

    Does anyone knows what this could be? is consuming a lot of cpu and never seen that before

  2. #2
    Quote Originally Posted by Backhost US Network View Post
    grep -r -i -l --include=*.php str_rot13(pack("H\*", "667265707267"))\|str_rot13(pack("H\*", "6775766676667667"))\|include(getcwd().\|pathOnMyHost\|default_action = .*FilesMan.*\|(isset(.*_REQUEST\[.*FILE.*\])){.*_F
    26513 admin 20 0 6884 1252 680 D 9.0 0.0 0:02.73

    Does anyone knows what this could be? is consuming a lot of cpu and never seen that before
    Something that is trying to use a rot13 cipher. Although I am not sure what it is doing. If you didn't put it there I would kill it and 000 it. If it belongs to say, one of your customers accounts, ask them what it does and after they let you know you can decide from there.
    ProfitBricks Painless Cloud Hosting
    24/7 Support __ High Redundancy __ Developer Friendly __ Public API __ DataCenter Designer
    Use your own Images and ISO :: 7-Day Trial Included

  3. #3
    Join Date
    Jul 2009
    Location
    Orlando, Florida
    Posts
    38
    I don't do hosting business anymore. Anyways i have a server and this is consuming too much CPU to the point of crashing it, how can i find what file or process is causing that to happen?

    i run wordpress with around 3k to 4k peoples at almost every moment i know server runs over 10k smoothly this started 2 days ago, i also monitor the server very often without ever seen that process. I suspect that I've been hacked maybe?

    Server:
    Centos 6 with vestacp
    Last edited by QuickCloudDeploy; 03-24-2015 at 12:54 AM.

  4. #4
    Join Date
    Mar 2015
    Location
    Cochin
    Posts
    128
    Hi,

    This grep script can induce high load in the server as its arguments are too much lengthy.

  5. #5
    Join Date
    Jan 2010
    Location
    London
    Posts
    55
    This looks like it's a security scanner script to search PHP files for exploits.

    FilesMan is a common PHP shell used by hackers to find out server info, upload files and generally attempt to exploit servers.

    str_rot13 is a method used to try and obfuscate PHP code too, this may well be something your host has automated to scan the server for exploits if you're not aware of what it is, I'd try contacting your support to ask them about this.
    NetHosted Ltd - UK based hosting solutions.

Similar Threads

  1. CPU Power Consumption comparison
    By brc_csf in forum Colocation, Data Centers, IP Space and Networks
    Replies: 10
    Last Post: 09-19-2014, 02:52 AM
  2. Could high traffic consumption be linked to DDoS?
    By Lord Northern in forum VPS Hosting
    Replies: 5
    Last Post: 04-12-2014, 01:15 PM
  3. Replies: 0
    Last Post: 01-21-2013, 10:09 AM
  4. unknown space consumption - very high no idea how !!!!!!!
    By koolnhot in forum Hosting Security and Technology
    Replies: 6
    Last Post: 07-31-2009, 07:33 AM
  5. Replies: 2
    Last Post: 01-15-2007, 12:27 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •