    Hoping someone can help me with this very puzzling problem?

    Randomly on Monday one of our sites using ZeroShell started seeing SLOW DNS requests and internet. We checked with the ISP, no problems, so we checked the router.

    We looked into our ZeroShell router and we noticed that named was using nearly 40% CPU usage!? And ldapd was also using nearly 40% usage.

    When loading a page it would take about a minute or 2 to look for the IP of a DNS name, then spring into life!

    We also noticed on our SYSLOG server that we were getting
    ‘ [Cron Database]: Running … ‘ repeating every 2 minutes ???
    coming from our ZeroShell router, and we managed to trace it back to the Cron Database script and the line
    ‘ /DB/.DB.001 ‘

    If we # out that line, the server returns to normal usage and everything speeds up, but take out the # and it starts playing funny again 🙁

    We also noticed that all of our logs from previous months on the ZeroShell had vanished too! Thankfully we had the syslog stuff on our servers.

    Round about the time this Cron Database started showing up I noticed this in our syslogs
    ‘ (root) REPLACE (root) ‘ and ‘ (CRON) STARTUP (V5.0) ‘

    Have we possibly come under attack by a hacker maybe, and he's gained access?
    Is it as simple as ZeroShell have changed something and the ZeroShell doesn't like it?

    Any suggestions would be very helpful 🙂
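
An added example, not part of the original posts and not ZeroShell code: a Python check over exported syslog that flags the two indicators described in the post above, crontab replacement events and a message recurring at a fixed 2-minute interval. The line layout (ISO timestamp, host, message), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (timestamps, host name and PIDs are made up); the cron
# and "[Cron Database]" message texts are the ones quoted in the post.
SAMPLE_LOG = """\
2024-01-08T09:58:41 zs-router crond[311]: (CRON) STARTUP (V5.0)
2024-01-08T09:58:41 zs-router crond[311]: (root) REPLACE (root)
2024-01-08T10:00:01 zs-router [Cron Database]: Running ...
2024-01-08T10:01:13 zs-router kernel: eth0: link up
2024-01-08T10:02:01 zs-router [Cron Database]: Running ...
2024-01-08T10:04:01 zs-router [Cron Database]: Running ...
2024-01-08T10:06:02 zs-router [Cron Database]: Running ...
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")  # assumed: ISO time, host, message
CRONTAB_EVENTS = ("(root) REPLACE (root)", "(CRON) STARTUP")

def parse(log_text):
    """Yield (timestamp, host, message); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        except ValueError:
            continue

def crontab_changes(log_text):
    """Entries showing root's crontab was replaced or cron was restarted."""
    return [e for e in parse(log_text) if any(s in e[2] for s in CRONTAB_EVENTS)]

def periodic_jobs(log_text, period=timedelta(minutes=2),
                  slack=timedelta(seconds=10), min_runs=3):
    """Return {(host, message): runs} for messages recurring at ~period."""
    seen = {}
    for ts, host, msg in parse(log_text):
        seen.setdefault((host, msg), []).append(ts)
    hits = {}
    for key, times in seen.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_runs and all(abs(g - period) <= slack for g in gaps):
            hits[key] = len(times)
    return hits

if __name__ == "__main__":
    for ts, host, msg in crontab_changes(SAMPLE_LOG):
        print("crontab change:", ts, host, msg)
    print("periodic:", periodic_jobs(SAMPLE_LOG))
```

Comparing the first crontab-change timestamp with the first run of the periodic job helps date when the entry was introduced, which matters here because the router's own logs were gone.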




    Hi, I found out that there is a MALWARE around… and

    Have a look at my post on the Italian forum (sorry, it’s in Italian, but you should be able to find your way on the code…): http://www.zeroshell.net/forum/viewtopic.php?t=4115

    Same post in English: https://www.zeroshell.org/forum/viewtopic.php?t=4176

