ubuntu server 14.04 LTS unusual outgoing traffic

Question

I have virtual private host with ubuntu server 14.04 LTS. On this server, we serve web service. We run apache2 and tomcat as web server. apache2 + django1.8 and tomcat8 recently, I observed the server uses 800G out-going traffic per day, but this server is not operational and has no requests.

How can I analyse this problem using simple methods and how can I trace packets?
Using htop, there is a process 123.lock. This process uses 100% cpu. I killed this process but after a few minuets it restarted. What should I do? Relevant Picture

score 0 · Answer 1 · edited Mar 28 '16 at 11:59

0

You could use the command pstree to see which process started 123.lock. Maybe you could reconfigure the parent process to void starting 123.

edited Mar 28 '16 at 11:59

Santa

559
5
15

answered Mar 28 '16 at 09:32

joro

101
2

"init" started this process.this process is so doubtful case I googling in order to find out this process , but not data found! – mahmoud shirivaramini Mar 28 '16 at 09:59

score 0 · Answer 2 · answered Mar 28 '16 at 20:06

0

Most likely your server is compromised. I recommend that you hire a professional system administrator to install a server for you from scratch, and make sure proper precautions are made that no such compromise can happen again.

answered Mar 28 '16 at 20:06

Tero Kilkanen

34,499
3
38
58

ubuntu server 14.04 LTS unusual outgoing traffic

2 Answers2