I see it in the top -c
Then I run strace of this process and see a lot of select(8, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
What should I do next? How can I find the reason of this? Any help much appreciated
Asked
Active
Viewed 2,120 times
3
HopelessN00b
- 53,795
- 33
- 135
- 209
Mikhail
- 549
- 1
- 4
- 10
-
2Notice how that process is running as user nobody and has a high PID? I'm almost certain that your server was compromised. – faker Dec 07 '14 at 11:54
1 Answers
2
Run lsof -p 21078 and record the output. Kill the process. Delete the files associated with that process.
Since you have CentOS, you may want to find out how they got in. That's a deeper exercise beyond the scope of this question, but download and run chkrootkit and possibly verify your RPMs to start.
ewwhite
- 197,159
- 92
- 443
- 809
-
I did `lsof`, output below. Do you have ideas what it means? http://joxi.ru/nAyz0e0hjLj0rZ – Mikhail Dec 07 '14 at 18:23