I have run a server with 2vcpu and 4 GB of ram. my software setup is apache2+php7.0+drupal-7. I'm facing 100% CPU utilization due to the un-named process called [] and is owned by www-data. (screenshot FYR). looking for solution..click to view top result image
Asked
Active
Viewed 303 times
1 Answers
0
Judging by the fact that it's running as user www-data and it's deliberately un-named, I would guess with high confidence that your server is most likely compromised. Canonical answer here for handling a breached server: How do I deal with a compromised server?
Brennen Smith
- 1,638
- 7
- 11
-
after some research, I'm using gdb tool for finding a location of the process. **www-data automatically creates the files to /tmp dir. if any possibilities to logging which php file creates this files in tmp directory** – kavi britto May 31 '18 at 10:18
-
Take the advice from the link Sven and I posted - ultimately, don't try to salvage it. Nuke the server from orbit and start fresh. – Brennen Smith Jun 04 '18 at 18:58