High CPU Usage from "eyshcjdmzg"

  • Hi all,
    First of all, thank you for such a great piece of software. I have been using OMV for over 1 year now and I haven't posted here at all, which means any problems I have had have been either easy to troubleshoot on my own or I could find an answer on this forum.


    This brings me to my problem now. Today, for the majority of the day, I have noticed the CPU usage of my OMV is unusually high. I cannot figure out what it is. I have reviewed several threads where others have high CPU usage, but to no avail. Anyways, here is some important info of my system and perhaps someone could point me in the right direction, it would be greatly appreciated. Thank you.






  • I just started to SSH from outside yesterday. Thought it would be handy. It's new to me and I just learned how. Is there a secure way to do it without risk of malware? Also, I have a backup on my data drives I made recently with the backup plugin. Could I just restore that rather than reinstall?

    • Official post

    Maybe. Definitely use stronger root and user passwords. Disable root login. I would even use a different port other than 22. I wouldn't put OMV directly on the internet either. I would put it behind a firewall and only expose the one port.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Thing is it is behind a firewall, I opened up the SSH port and my root has a password. Perhaps the password could be more secure. So as for restoring backup.. seems this "feature" doesn't actually work. Reinstall I guess is my only option.

  • Private Keys is also a good suggestion to secure ssh.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • I found this on Virustotal:


    https://www.virustotal.com/en/…345dc305c063a87/analysis/


    Looks like a DDoS malware. It is probably Chinese, here is a Google-translated page with more information (original language is Chinese):


    https://translate.google.at/tr…rg%2F20150908_191437.html


    Another forum with more information on this:


    http://www.kernelmode.info/for…=16&t=3509&p=26480#p26480


    http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3509


    Is this a good example why Linux servers should run antivirus software as well?


    Using SSH key based authentication only is a good idea. Running the Fail2ban plugin too. Those brute force attackers leave you alone if you block their IP for a short time after a few failed login attempts.
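
Added example, not part of any post in this thread: a shell check of an `sshd_config` against the advice given above (no root login, key-only authentication, non-default port). The function name `audit_sshd_config` and the sample configuration are constructed for illustration; the check covers the global section only and does not follow `Include` files.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings recommended in the thread.
# Assumptions: stops at the first Match block, ignores Include files, and
# expects keyword and value to be separated by whitespace.

audit_sshd_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    { key = tolower($1); v = tolower($2) }     # keywords are case-insensitive
    key == "match" { exit }                    # END still runs after exit
    key == "port"  { ports = ports " " v; if (v == "22") p22 = 1; next }
    !(key in val)  { val[key] = v }            # sshd keeps the first value it reads
    END {
        # OpenSSH built-in defaults apply when a keyword is absent.
        root = ("permitrootlogin" in val) ? val["permitrootlogin"] : "prohibit-password"
        pw   = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
        if (ports == "") { ports = " 22"; p22 = 1 }

        if (root == "no") print "OK   PermitRootLogin no"
        else if (root == "yes") { print "FAIL PermitRootLogin yes: root can log in with a password"; bad++ }
        else print "WARN PermitRootLogin " root ": root login still possible with a key"

        if (pw == "no") print "OK   PasswordAuthentication no"
        else { print "FAIL PasswordAuthentication " pw ": passwords can be brute-forced"; bad++ }

        if (p22) print "NOTE Port" ports ": default port, expect constant scanning"
        else print "OK   Port" ports
        exit (bad > 0)                         # non-zero when any FAIL was found
    }' "$1"
}

# Constructed sample: password logins for root on port 22. The commented-out
# line has no effect, and the later "permitrootlogin no" is ignored because
# the first value wins.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PasswordAuthentication no' \
    'permitrootlogin no' > "$sample"
audit_sshd_config "$sample" || echo "=> harden before exposing SSH"
rm -f "$sample"
```

On a live system, `sshd -T` prints the effective configuration, including defaults and included files, and is the more reliable source for the same three values.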

  • On a side note tekkb, OpenVPN relies on the fact that it needs to be run with administrator privileges, while an SSH session does not rely on that fact. A not so minor difference that can render OpenVPN an insufficient solution in certain situations.


    Greetings
    David


  • Hi,


    The OpenVPN Connect does not require administrative privileges to run like the community version.


    That's not quite right. There are two options in the openvpn.conf (serverside):
    user nobody
    group nobody


    That results in:


    root@OpenWrt:~# ps | grep vpn
    10649 nobody 3232 S /usr/sbin/openvpn --syslog openvpn(home) --status /var/run/openvpn.home.status --cd /var/etc --config openvpn-home


    Or do you mean the OpenVPN plugin?

  • I am not talking serverside. I am talking about the client apps. I think David is saying that if you are at work, as an example, the machine you are using you might not have administrative privileges. The community client app needs administrative privileges to run.


    David would have to clarify. The bottom line is the encryption used by either OpenVPN plugin is very strong. I just prefer opening ports for OpenVPN vs. SSH. I like access to the LAN (all my devices) vs. just my OMV.

  • David would have to clarify.


    That's about right what you wrote. ;)



    OpenVPN needs admin rights to install those tap devices.


    Greetings
    David

