Hi,
I have a fairly fresh installation of Debian 9, and after installing a couple of packages and GitLab I noticed that my two cores are loaded at 99% all the time by processes called "md and mdx". I can't really figure out what those processes do, as the only people mentioning them have software RAID and the mdadm package installed (which I do not, as this is a hosted VPS on what I think is OpenStack). The other weird thing is that those two processes are being run under a user that should not have run anything. When I try to kill them they just respawn. When trying to find out more about the processes, the full path from top/htop just says "worker".
I am a bit lost as I have never seen anything like this, so any leads would be greatly appreciated.
md and mdx processes load CPU 100%
- GarryRicketson
Re: md and mdx processes load CPU 100%
I wonder, what those packages are, and where they came from:
> installing couple packages and gitlab I
Re: md and mdx processes load CPU 100%
GarryRicketson wrote:
> I wonder, what those packages are, and where they came from, installing couple packages and gitlab I

Thanks for replying - the packages were all from Debian and GitLab repos so I would think they are clean.
Also, after some more investigation I've found a weird crontab entry in one of the users' crontabs, and from there that the md and mdx processes are being run from a hidden directory called .c4k in the user's /home folder - it would seem that the account had been compromised and the CPU cycles were used for something like bitcoin mining.
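
The two findings in the post above (a crontab entry that restarts the processes, and binaries living in a hidden directory such as .c4k) can be checked with a read-only triage script; this is an added example and not part of the thread. The sample crontab, the user name `someuser` and the file name `upd` are constructed, and the `--scan` mode assumes Debian's `/var/spool/cron/crontabs` layout and root privileges.

```shell
#!/bin/sh
# Added triage example, not from the thread. Read-only: it changes nothing.

# Print crontab lines (stdin) whose command references a hidden directory
# such as /home/user/.c4k/; comment and blank lines are skipped.
flag_hidden_cron() {
    grep -Ev '^[[:space:]]*(#|$)' |
        grep -E '(^|[[:space:]/])\.[^./[:space:]][^/[:space:]]*/' || true
}

# Print owner, executed binary and working directory of a PID from /proc.
# The name shown by top can be changed by the process itself;
# /proc/PID/exe points at the file that was actually executed.
proc_origin() {
    [ -d "/proc/$1" ] || return 1
    printf 'pid=%s user=%s exe=%s cwd=%s\n' "$1" \
        "$(stat -c %U "/proc/$1")" \
        "$(readlink "/proc/$1/exe" 2>/dev/null)" \
        "$(readlink "/proc/$1/cwd" 2>/dev/null)"
}

# Constructed sample crontab (user name and file names are made up).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/bin/find /tmp -mtime +7 -delete
*/5 * * * * /home/someuser/.c4k/upd >/dev/null 2>&1
@reboot cd ./scripts && ./backup.sh
EOF
}

if [ "${1:-}" = "--scan" ]; then
    # Live host, run as root: Debian keeps user crontabs in this directory.
    for f in /var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        flag_hidden_cron < "$f" | sed "s|^|${f##*/}: |"
    done
    # Processes named as in the thread; no match prints nothing.
    for pid in $(pgrep -x 'mdx?'); do proc_origin "$pid"; done
else
    sample_crontab | flag_hidden_cron
fi
```

Legitimate tools installed under dot-directories in a home folder will also be listed, so each hit is a line to review, not a verdict.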