2

Suddenly my website became very slow. When I login into my sever with ssh, and checked the cpu utilization, I found host command was utilizing more than 80% cpu. The problem was solved by a server restart. But I am afraid it can be come back. Any explanation of the possible cause?

peterh
  • 4,914
  • 13
  • 29
  • 44
vinayrks
  • 157
  • 1
  • 8
  • 1
    You might want to scan your filesystem for files named "host", to be sure there's only the one (something like `find / -name host 2>&1` should do the trick) – Chris S Feb 19 '14 at 14:46
  • This is the output of your command : /usr/bin/host /usr/src/linux-headers-3.2.0-40/drivers/memstick/host /usr/src/linux-headers-3.2.0-40/drivers/usb/host /usr/src/linux-headers-3.2.0-40/drivers/mmc/host /usr/src/linux-headers-3.2.0-40-virtual/include/config/scsi/sas/host /usr/src/linux-headers-3.2.0-40-virtual/include/config/bcma/host – vinayrks Feb 19 '14 at 18:22
  • Looks reasonable... I can't imagine why it would be doing that. Probably something you'll have to keep an eye on, especially since you don't know how it got started. – Chris S Feb 19 '14 at 19:54
  • I am getting abuse report from amazon , my server is on Amazon EC2 , hackers are using my server to attack on other websites , is host command high usage due to that ? – vinayrks Feb 27 '14 at 15:44
  • Did they say what kind of attack? – Chris S Feb 27 '14 at 16:07
  • this problem is solved by uninstalling sendmail . Somehow hacker got access to my sendmail and using this sending spam to other site – vinayrks Aug 11 '14 at 16:03
  • A better find command is: `sudo find / -executable -type f -name host 2>&1`. In my case, it just returned one result, `/usr/bin/host`. – mlissner Jan 25 '16 at 23:37
  • 1
    Possible duplicate of [/usr/bin/host executed by hacked PHP script](http://serverfault.com/questions/705217/usr-bin-host-executed-by-hacked-php-script) – rsanchez Feb 15 '17 at 19:09

0 Answers0