I noticed that the command sshd consumes more than 100% CPU on an EC2 server. I'm attaching a screenshot of the output of the top command.

For information: I've installed Solr. Unfortunately, this command uses the solr user. I can't find any solution to resolve this issue.

Olaf Kock
Mitesh Vasava
  • My guess is that your server has been compromised by having your Solr server open to the whole world. The name of the command is not relevant, as it's probably just set to `ssh2` to try to hide it. Image/backup the server, nuke it, reinstall the relevant software and make sure you firewall away access to your services properly. – MatsLindh Nov 18 '19 at 07:47
  • @MatsLindh I found that my firewall is disabled. Is there a virus in my system that has affected Solr? What do you think? – Mitesh Vasava Nov 18 '19 at 08:51
  • @MatsLindh I've already set up authentication to access the Solr server. – Mitesh Vasava Nov 18 '19 at 08:58
  • If you're not comfortable in doing the forensic work yourself to find out what the `sshd2` process is (i.e. you don't know enough about these things), it'd probably be a good time to find someone to help you in a more detailed way. Usually these sorts of worms are installed through bots looking for open, standardized ports to try to exploit the running software. It's very hard to say that they haven't replaced core functionality of your OS with their own, trojaned versions without detailed knowledge about what is installed and the binary signatures. – MatsLindh Nov 18 '19 at 13:42
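
A first-pass check of the kind the comments point to, as an added example that is not part of the original thread: it compares the name a process displays in `top` with the binary the kernel reports for it and with the owning UID. The function name, `SSHD_PATHS` and the `SERVICE_UIDS` argument are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: triage of a process whose displayed name claims to be SSH.
# Reads only procfs; the procfs root is a parameter so the check can be run
# against a constructed directory tree as well as the live /proc.

# Locations of a packaged sshd binary. Assumption: adjust for your distribution.
SSHD_PATHS="/usr/sbin/sshd /usr/bin/sshd"

# triage_pid PID [PROC_ROOT] [SERVICE_UIDS]
#   SERVICE_UIDS: space-separated numeric UIDs of service accounts (for example
#   the solr user) that should never own an SSH daemon. Hypothetical parameter.
# Prints one summary line plus one FLAG line per finding.
# Exit status: 0 = nothing flagged, 1 = flagged, 2 = PID not found.
triage_pid() (
    dir="${2:-/proc}/$1"
    [ -d "$dir" ] || { echo "no such process: $1"; exit 2; }

    comm=$(cat "$dir/comm" 2>/dev/null)       # name shown by top/ps
    exe=$(readlink "$dir/exe" 2>/dev/null)    # binary the kernel has mapped
    uid=$(awk '/^Uid:/ {print $2; exit}' "$dir/status" 2>/dev/null)  # real UID
    path="${exe% (deleted)}"                  # exe path without the marker
    echo "pid=$1 comm=$comm exe=${exe:-unreadable} uid=${uid:-unknown}"

    rc=0
    case "$exe" in
        "") echo "NOTE exe unreadable; rerun as root" ;;
        *" (deleted)") echo "FLAG binary was deleted from disk after launch"; rc=1 ;;
    esac
    case "$comm" in
        ssh*)
            # A process can set its own displayed name; the exe link is kept
            # by the kernel, so a mismatch between the two is worth a look.
            if [ -n "$exe" ]; then
                case " $SSHD_PATHS " in
                    *" $path "*) ;;
                    *) echo "FLAG name says SSH but binary is $exe"; rc=1 ;;
                esac
            fi
            if [ -n "$uid" ]; then
                case " $3 " in
                    *" $uid "*) echo "FLAG SSH-named process owned by service UID $uid"; rc=1 ;;
                esac
            fi ;;
    esac
    exit $rc
)
```

On a live host this would be called as `triage_pid <PID from top> /proc "$(id -u solr)"`. A clean result does not clear the machine: as the last comment notes, the system's own tools may have been replaced.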
