www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

[Database Update] cron problem

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
simondosmith



Joined: 04 Apr 2012
Posts: 5

PostPosted: Wed Oct 23, 2013 3:33 pm    Post subject: [Database Update] cron problem Reply with quote

Hi,

hopying someone can help me with this very puzzling problem?

randomly on monday one of our sites using zeroshell started seeing SLOW dns requests and internet, we checked with ISP, no problems so check router

we looked into our zeroshell router and we noticed that named was using neally 40% CPU usage!? and also ldapd was also using neally 40% usage

when loading a page it would take about a min or 2 to look for the ip of a dns name then spring into life!

we also noticed on our SYSLOG server that we was getting
' [Cron Database]: Running ... ' repeating every 2 minutes ???
coming from our zeroshell router and we managed to trace it bk to the Cron Database script and the line
' /DB/.DB.001 '

if we # out that line, the server resumes to normal usage and everything speeds up but take out the # and it starts playing funny again Sad

we also noticed that all of our logs from previous months on the zeroshell had vanished too!, thankfully we had the syslog stuff on our servers

round about the time this Cron Database started showing up i noticed this in our syslogs
' (root) REPLACE (root) ' and ' (CRON) STARTUP (V5.0) '

have we possible come under attack by a hacker maybe and hes gained access?
is it as simple as zeroshell have changed something and the zeroshell doesnt like it?

any suggestions would be much helpful Smile

regards

Simon
Back to top
View user's profile Send private message Send e-mail
fsala



Joined: 06 Nov 2013
Posts: 3

PostPosted: Wed Nov 06, 2013 3:48 pm    Post subject: Reply with quote

Hi, I found out that there is a MALWARE around... and

Have a look at my post on the italian forum (sorry, it's in italian, but you should be able to find your way on the code...): http://www.zeroshell.net/forum/viewtopic.php?t=4115

UPDATE
Same post in english: http://www.zeroshell.org/forum/viewtopic.php?t=4176
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group