I recently noticed an exceptionally high outbound bandwidth from my Ubuntu 22.04 server. I saw a process with a random name (something like sdfgardfh) with a high CPU usage, and suspected that it caused the bandwidth overage. I killed the process, but immediately afterwards, a new similar process started, with a different random name (something like ktsdfyhr). I rebooted the server, but immediately after the reboot, I saw a third process with a different random name (something like fkjytedb). I suspect some malicious code is running on my server. How can I debug this?

Erel Segal-Halevi
Have you scanned with clamav or chkrootkit? [https://www.chkrootkit.org] – Gmck Jul 06 '23 at 18:44