Server CPU performance overhead

Server CPU performance overhead

by Shamal Sabah -
Number of replies: 4

Dear sirs,

We are using Moodle on Linux Server, the Server specification is meeting higher than the minimum requirements, but we countered a CPU full performance issue and it is caused by:

-bash -a cryptonight -o stratum+tcp://pool.minexmr.com:4444 -u 44TYbh84mGoMSiuDx8hbdJ6vkcc64MAS9LnaQ2qoJX6dAxvguq8ZAy2HJLLNL1LX6QLfiWsQH9Snbhyno3BjBWMk6B1nh35 -p x

Thank you for your Help.
Average of ratings: -
In reply to Shamal Sabah

Re: Server CPU performance overhead

by James McLean -
Sorry to say, but that is malware used for cryptocoin mining. It is not moodle.

Your server is compromised. 

Average of ratings: -
In reply to James McLean

Re: Server CPU performance overhead

by Shamal Sabah -

Thank you a lot, but, we believe that it comes with one of the plugins? our server is not compromised at all.

Average of ratings: -
In reply to Shamal Sabah

Re: Server CPU performance overhead

by Ken Task -
Picture of Particularly helpful Moodlers

Please see:

https://www.digitalocean.com/community/questions/malware-droplet-being-used-to-mine-cryptocurrency-stratum

Which/what plugin do you suspect?

Ken

Average of ratings: -
In reply to Ken Task

Re: Server CPU performance overhead

by Dan Bennett -

Exactly this, you should be able to find out the culprit using the link above.

It's unlikely to be a plugin, but if you share with us the output of htop (for example), which will show what is running the command, then we can help if you still require it.

In the meantime, if you have a firewall sitting between the server and the web, you can block the pools URL and port which should stop the CPU usage (as it won't be able to get any updates from the pool, it won't know what to mine... therefore will idle. In theory.).

Average of ratings: -