A server getting mad

To: debian-user@lists.debian.org
Subject: A server getting mad
From: rudu <rudu@cegetel.net>
Date: Wed, 14 Oct 2015 18:50:34 +0200
Message-id: <[🔎] 561E87DA.6050404@cegetel.net>

Hello,

I'm in search of advice here as I don't know where to start.
A server has been running backuppc nicely for several years.

And then a couple of months ago, it began to eat up the bandwidth of thelocal network.I don't have much information now as it's a remote location and I can'tget a connection when the problem occurs.I may have a few hours to investigate though, after a reboot of theserver, but what am I looking for ?All I could gather via phone call during the problem with a top andnetstat command on the server is that a "xddlvqhhrd" command isconsuming 25% of CPU and that a connection is established with a remoteIP by a program named "grep "A""


Sounds like a rootkit to me.

Some action/documentation to help to get rid of this ?

TIA
Rudu

Reply to:

Follow-Ups:
- Re: A server getting mad
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: systemd alternative for Jessie?
Next by Date: Re: Suddenly Unbootable Systemd
Previous by thread: Re: Broadcom TG3 network drops, cannot recover without reboot
Next by thread: Re: A server getting mad
Index(es):
- Date
- Thread