Suddenly my website became very slow. When I login into my sever with ssh, and checked the cpu utilization, I found host command was utilizing more than 80% cpu. The problem was solved by a server restart. But I am afraid it can be come back. Any explanation of the possible cause?
Asked
Active
Viewed 2,465 times
2
-
1You might want to scan your filesystem for files named "host", to be sure there's only the one (something like `find / -name host 2>&1` should do the trick) – Chris S Feb 19 '14 at 14:46
-
This is the output of your command : /usr/bin/host /usr/src/linux-headers-3.2.0-40/drivers/memstick/host /usr/src/linux-headers-3.2.0-40/drivers/usb/host /usr/src/linux-headers-3.2.0-40/drivers/mmc/host /usr/src/linux-headers-3.2.0-40-virtual/include/config/scsi/sas/host /usr/src/linux-headers-3.2.0-40-virtual/include/config/bcma/host – vinayrks Feb 19 '14 at 18:22
-
Looks reasonable... I can't imagine why it would be doing that. Probably something you'll have to keep an eye on, especially since you don't know how it got started. – Chris S Feb 19 '14 at 19:54
-
I am getting abuse report from amazon , my server is on Amazon EC2 , hackers are using my server to attack on other websites , is host command high usage due to that ? – vinayrks Feb 27 '14 at 15:44
-
Did they say what kind of attack? – Chris S Feb 27 '14 at 16:07
-
this problem is solved by uninstalling sendmail . Somehow hacker got access to my sendmail and using this sending spam to other site – vinayrks Aug 11 '14 at 16:03
-
A better find command is: `sudo find / -executable -type f -name host 2>&1`. In my case, it just returned one result, `/usr/bin/host`. – mlissner Jan 25 '16 at 23:37
-
1Possible duplicate of [/usr/bin/host executed by hacked PHP script](http://serverfault.com/questions/705217/usr-bin-host-executed-by-hacked-php-script) – rsanchez Feb 15 '17 at 19:09