md and mdx processes load CPU 100%

Kernels & Hardware, configuring network, installing services

md and mdx processes load CPU 100%

Postby t&nk » 2017-12-17 01:05

Hi,
I have a fairly fresh installation of debian 9 and after installing couple packages and gitlab I noticed that my two cores are loaded 99% all the time with processes called "md and mdx" I can't really figure out what those processes do as the only people mentioning them have software raid and mdadm package installed (which I do not as this is a hosted VPS on what I think is openstack). The other weird thing is that those two processes are being run under a user that should not have run anything. When I try to kill them they just respawn. When trying to find out more about the processes the full path from top/htop just says "worker"
I am bit lost as I have never seen anything like this so any leads would be greatly appreciated.
t&nk
 
Posts: 7
Joined: 2015-12-01 00:29

Re: md and mdx processes load CPU 100%

Postby GarryRicketson » 2017-12-17 01:29

I wonder ,
installing couple packages and gitlab I

What those packages are, and where they came from,
"What we expect you have already Done"

Before doing anything, read the Debian documentation:
Debian Documentation
How to ask the smart way
Debian Foro Español
======================
For the Birds
User avatar
GarryRicketson
 
Posts: 4597
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: md and mdx processes load CPU 100%

Postby t&nk » 2017-12-17 11:16

GarryRicketson wrote:I wonder ,
installing couple packages and gitlab I

What those packages are, and where they came from,


Thanks for replying - the packages were all from debian and gitlab repos so I would think they are clean.

Also after some more investigation I've found a weird crontab entry in one of the user's crontab and from there that the md and mdx processes are being run from a hidden directory called .c4k in the user's /home folder - it would seem that the account had been compromised and the the CPU cycles were used for something like bitcoin mining.
t&nk
 
Posts: 7
Joined: 2015-12-01 00:29


Return to System configuration

Who is online

Users browsing this forum: No registered users and 16 guests

fashionable