| View previous topic :: View next topic |
| Author |
Message |
hongqn
n00b
Joined: 04 Apr 2005
Posts: 22
Location: Beijing, China
|
 Posted: Tue Jul 01, 2008 5:18 am Post subject: What are ublockd and tblockd? |
 |
|
One of my servers behaves strangely these days. Every day after around 9am, it refuses ssh connections from outside, while the already connected ssh logins still work. It comes back to work after a cold reset (because it is in a remote IDC). And some files were lost, including /bin/passwd, /usr/bin/passwd, /var/log/*, and maybe some others we haven't found out.
`top` shows there are two processes, ublockd and tblockd, are using ~5% CPU each. What are they? I googled but found nothing. Maybe these two processes are relative to the strange behaviors? Or some bad guy has stolen my password?
_________________
God's in his heaven, all's right with the world.
Registered Linux User #396996 |
|
| Back to top |
|
 |
jcat
Veteran
Joined: 26 May 2006
Posts: 1337
|
| Posted: Tue Jul 01, 2008 6:41 am Post subject: |
|
|
Never heard of them. I'm not saying you have definitely been hacked, but something doesn't smell right...
Change your passwords
Check your system logs and run some of the root kit detection utilities.
Even if you haven't been compromised it's a good thing to do occasionally.
Cheers,
jcat |
|
| Back to top |
|
|
di1bert
l33t
Joined: 16 May 2002
Posts: 963
Location: Oslo, Norway
|
| Posted: Tue Jul 01, 2008 7:15 am Post subject: |
|
|
I'd start with installing chkrootkit and rkhunter to see what they have to say. It certainly doesn't sound like a
good place to be in.
-m |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Kernel & Hardware
