Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

CPU at 100% again

Featured Replies

Hi all,

 

I have been using unRaid for a few years but still am a novice at best. Periodically my CPU will randomly shoot up to 100% usage and I cannot figure out why. I checked my server last night and it was running at 17% usage, which is normal. I am running Frigate, Compreface, Plex, Sonarr and have HASSio on a VM. I am running 6.12.8. I've attached the diagnostics as well. Any help would be greatly appreciated!

Screenshot 2024-08-06 083842.png

 

Edited by UhlHomestead

  • Community Expert

Probably compromised- xmrig has it pegged

Edited by Michael_P

  • Author

Hey @Michael_P I found xmrig running as a process.
I am unsure how to kill the process and how to delete the xmrig

 

Edited by UhlHomestead

  • Author

So I found that xmrig was running in binhex - krusader.

Do you have any port forwarding rules in your router, or DMZ set?

  • Community Expert
2 hours ago, UhlHomestead said:

So I found that xmrig was running in binhex - krusader.

 

Kill it, make sure your server isn't exposed to the internet, check your go file and extras folder on your flash drive for anything weird.

 

And your VPN credentials are exposed in your diagnostics, you should edit the top post to remove it and change your VPN password as a matter of course. @limetech should really start thinking about obfuscating that.

  • Author

@Michael_P Thanks for the info. Do you know where my VPN creds are located so I can edit in the diagnostic file?

@JonathanM I do have port forwarding rules on my router.

Edited by UhlHomestead

7 minutes ago, UhlHomestead said:

I do have port forwarding rules on my router.

First order of business is to remove all outside access until you can figure out which port forward rule allowed you to be hacked.

  • Community Expert
2 hours ago, UhlHomestead said:

Do you know where my VPN creds are located so I can edit in the diagnostic file?

 

system/ps.txt

 

--setenv VPN_USER ******** --setenv VPN_PASS ********

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.