
I have a DigitalOcean droplet that hosts a small website with pretty much no traffic. Yesterday, I received an alert that my CPU was over 95%. Normally it runs between 1% and 5%. In the "bandwidth" chart on my DigitalOcean dashboard, the outbound traffic suddenly increased by a lot, as seen in this screenshot:

[Screenshot: Outbound Traffic]

Outbound traffic means that it's my server that is sending the requests outside, am I right?

I logged in through SSH to check what was going on and using the following command:

```
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
```

I see lots of suspicious GET requests, for example:

```
GET http://www.youcha.net/?fmfp0cslczu HTTP/1.1
Host: www.youcha.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
user-agent: Baiduspider-image+(+http://www.baidu.com/search/spider.htm)
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-HK,zh;q=0.9,en;q=0.8,zh-CN;q=0.7,en-US;q=0.6
Cache-Control: max-age=0
Connection: keep-alive

GET https://www.06681.com/mhgg?d2i6luc5eo8 HTTP/1.1
Host: www.06681.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
user-agent: Baiduspider-image+(+http://www.baidu.com/search/spider.htm)
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-HK,zh;q=0.9,en;q=0.8,zh-CN;q=0.7,en-US;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
```

Is it what is causing the CPU to run high? I could simply recreate a new droplet but I would really like to know the origin of this problem and how to fix it so it does not occur again in the future. Do you have an idea of what is the problem here?

fraxool
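What the `tcpdump` filter in the question matches, as an added example that is not part of the original post: the same byte test reimplemented in Python over constructed TCP segments, plus a check of whether the request target is a full URL (as in the captured requests) or a path. The helper names, ports and the `example.com` sample are assumptions made for illustration.

```python
import struct

GET_MAGIC = 0x47455420  # ASCII "GET " read as a big-endian 32-bit integer

def tcp_payload_offset(segment: bytes) -> int:
    # tcp[12:1] & 0xf0 keeps the data-offset nibble (header length in 32-bit
    # words), still shifted left by 4; ">> 2" turns it into words * 4 = bytes.
    return (segment[12] & 0xF0) >> 2

def matches_get_filter(segment: bytes) -> bool:
    # tcp[offset:4] = 0x47455420: the first four payload bytes spell "GET ".
    off = tcp_payload_offset(segment)
    if len(segment) < off + 4:
        return False  # bare ACK or short payload: nothing to compare
    return struct.unpack_from("!I", segment, off)[0] == GET_MAGIC

def request_target_form(segment: bytes) -> str:
    # Classify the request target on the first line of the payload.
    line = segment[tcp_payload_offset(segment):].split(b"\r\n", 1)[0]
    parts = line.split(b" ")
    if len(parts) != 3:
        return "unparsed"
    target = parts[1]
    if target.lower().startswith((b"http://", b"https://")):
        return "absolute-form"  # full URL: the form clients use towards a proxy
    if target.startswith(b"/"):
        return "origin-form"    # path only: the form sent to the site itself
    return "other"

def build_segment(payload: bytes, options: bytes = b"") -> bytes:
    # Constructed TCP segment; ports, sequence numbers and window are arbitrary.
    assert len(options) % 4 == 0
    words = 5 + len(options) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, words << 4, 0x18, 65535, 0, 0)
    return header + options + payload

# Constructed samples: the first reuses a request line captured in the question.
SAMPLE_FULL_URL = build_segment(
    b"GET http://www.youcha.net/?fmfp0cslczu HTTP/1.1\r\nHost: www.youcha.net\r\n\r\n")
SAMPLE_PATH = build_segment(
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n", options=b"\x01" * 12)
SAMPLE_POST = build_segment(b"POST /login HTTP/1.1\r\nHost: example.com\r\n\r\n")
SAMPLE_ACK = build_segment(b"")

if __name__ == "__main__":
    for name, seg in [("full-url", SAMPLE_FULL_URL), ("path", SAMPLE_PATH),
                      ("post", SAMPLE_POST), ("ack", SAMPLE_ACK)]:
        hit = matches_get_filter(seg)
        print(name, tcp_payload_offset(seg), hit, request_target_form(seg) if hit else "-")
```

The filter itself is direction-agnostic; the source and destination address on each `tcpdump` header line show which side sent the request.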

1 Answer


What kind of applications do you run? Web server? What stack do you have?

Did you follow Ubuntu initial setup recommendations at DO Community Tutorials?

Arstan
This does not answer the question. It is clear the question could miss some information; when you become a more approved member of the community, you'll be able to use *comments* to request clarifications to the question. An answer is not the right place to request a clarification; this is the answer, the explanation of steps one needs to perform to resolve the described problem. [Here](https://serverfault.com/help/how-to-answer) are suggestions on how to write a good answer. – Nikita Kipriyanov Nov 18 '21 at 18:48