Results 1 to 5 of 5
Thread: High CPU consumption
-
03-22-2015, 09:44 PM #1Junior Guru Wannabe
- Join Date
- Jul 2009
- Location
- Orlando, Florida
- Posts
- 38
High CPU consumption
grep -r -i -l --include=*.php str_rot13(pack("H\*", "667265707267"))\|str_rot13(pack("H\*", "6775766676667667"))\|include(getcwd().\|pathOnMyHost\|default_action = .*FilesMan.*\|(isset(.*_REQUEST\[.*FILE.*\])){.*_F
26513 admin 20 0 6884 1252 680 D 9.0 0.0 0:02.73
Does anyone knows what this could be? is consuming a lot of cpu and never seen that before
-
03-23-2015, 08:52 AM #2Junior Guru Wannabe
- Join Date
- Jan 2015
- Posts
- 87
Something that is trying to use a rot13 cipher. Although I am not sure what it is doing. If you didn't put it there I would kill it and 000 it. If it belongs to say, one of your customers accounts, ask them what it does and after they let you know you can decide from there.
█ ProfitBricks Painless Cloud Hosting
█ 24/7 Support __ High Redundancy __ Developer Friendly __ Public API __ DataCenter Designer
█ Use your own Images and ISO :: 7-Day Trial Included
-
03-24-2015, 12:44 AM #3Junior Guru Wannabe
- Join Date
- Jul 2009
- Location
- Orlando, Florida
- Posts
- 38
I don't do hosting business anymore. Anyways i have a server and this is consuming too much CPU to the point of crashing it, how can i find what file or process is causing that to happen?
i run wordpress with around 3k to 4k peoples at almost every moment i know server runs over 10k smoothly this started 2 days ago, i also monitor the server very often without ever seen that process. I suspect that I've been hacked maybe?
Server:
Centos 6 with vestacpLast edited by QuickCloudDeploy; 03-24-2015 at 12:54 AM.
-
03-24-2015, 07:24 AM #4WHT Addict
- Join Date
- Mar 2015
- Location
- Cochin
- Posts
- 128
Hi,
This grep script can induce high load in the server as its arguments are too much lengthy.
-
03-24-2015, 07:36 AM #5Junior Guru Wannabe
- Join Date
- Jan 2010
- Location
- London
- Posts
- 55
This looks like it's a security scanner script to search PHP files for exploits.
FilesMan is a common PHP shell used by hackers to find out server info, upload files and generally attempt to exploit servers.
str_rot13 is a method used to try and obfuscate PHP code too, this may well be something your host has automated to scan the server for exploits if you're not aware of what it is, I'd try contacting your support to ask them about this.NetHosted Ltd - UK based hosting solutions.
Similar Threads
-
CPU Power Consumption comparison
By brc_csf in forum Colocation, Data Centers, IP Space and NetworksReplies: 10Last Post: 09-19-2014, 02:52 AM -
Could high traffic consumption be linked to DDoS?
By Lord Northern in forum VPS HostingReplies: 5Last Post: 04-12-2014, 01:15 PM -
Proxy Hosting for high bandwidth, high memory and high CPU needs
By vectro in forum Other Hosting OffersReplies: 0Last Post: 01-21-2013, 10:09 AM -
unknown space consumption - very high no idea how !!!!!!!
By koolnhot in forum Hosting Security and TechnologyReplies: 6Last Post: 07-31-2009, 07:33 AM -
Mysterious VPS Cpu consumption issues - maybe io related?
By w2k3box in forum VPS HostingReplies: 2Last Post: 01-15-2007, 12:27 AM