Skip to main content

Grep Commands running with CPU use of 90% - High server load

Comments

5 comments

  • quizknows
    That command looks like it's searching for common strings found in malware files. Perhaps someone is doing a DIY virus scan.
    0
  • cPanelMichael
    Hello :) Does anyone else have root access to your server? If so, you could try using the "w" command to verify if they are actively running the grep command. Thank you.
    0
  • jacksoft
    ]Hello :) Does anyone else have root access to your server? If so, you could try using the "w" command to verify if they are actively running the grep command. Thank you.

    When i type w, it shows only my IP Also todday one one of user where we host 10 domains, we found many php files in many directories with malciuous code, i can attach code, the files search header.php and main.tpl in all sites and insert iframe code Other files are of other malicious nature I am most worried about grep command
    0
  • cPanelMichael
    It seems like your system may have been hacked. It's difficult to pinpoint the specific vulnerability or exploit used by an attacker to hack your websites, or to verify if that actually happened. One could speculate on common methods (e.g. symlink attack), but it really requires a qualified system administrator to investigate the logs on your server and determine the source of the attack. There is a thread here where a similar question is asked: Log Files To Check After Account Hacked Thank you.
    0
  • quizknows
    The grep command itself can only look for files with that code; most likely a person or plugin was investigating their hacked site and using that command to locate malicious files. It is normal for grep commands to use a lot of CPU especially if the regex is poor or if a ton of files are being "grepped." Knowing what UID / user was running the command would help a lot more, perhaps run "ps faux" and see what UID is running it or if there's a parent process it's forked off of.
    0

Please sign in to leave a comment.