-3

i have a Centos 5 server which hosted asterisk 13. server works fine last week but now top command always show me a process with large amount of CPU usage. when i kill the process a few second later another command with large CPU usage started. many times processes command is ".syslog" but have other command like "qjennjifes", "vnvebynufu" and another unknown commands like that.

sadegh
  • 153
  • 2
  • 14
  • https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server/218011#218011 – Mat Mar 19 '18 at 08:30

1 Answers1

0

1) Check you have firewall and fail2ban recomended settings

2) Check you have no DoS/DDoS by "sip show channels"

3) Check your system not hacked/no broken soft on your host.

arheops
  • 15,544
  • 1
  • 21
  • 27
  • thank you, .syslog command usage fixed by blocking ddos attackers ip, but commands like "qjennjifes", "vnvebynufu" and ... is still have high cpu usage. after kill, another command runed. – sadegh Mar 19 '18 at 21:11
  • Only one correct fix can be done : copy all voip config and stats to other host, reinstall all, restore from backup and NOT FORGET put firewall(better if firewall all except providers and clients). – arheops Mar 19 '18 at 22:46