CPU pinned at 100%


Recommended Posts

Hello!

 

I'm having a problem with my server where numerous cores max out to 100% and never come back to idle.  I've already deleted and re-installed all my dockers and apps which did not fix the problem.  I cannot correlate the issue to anything specific.

 

Running Top and Netdata I see the following:image.thumb.png.6d9b1d84f869c1beee3dfcccb0f9e38b.png

 

Log File:

ErrorWarningSystemArrayLogin
Jan 14 16:43:07 UnRaid sshd[40569]: Accepted none for root from 218.92.1.142 port 33371 ssh2
Jan 14 16:43:07 UnRaid sshd[40569]: Received disconnect from 218.92.1.142 port 33371:11: 
Jan 14 16:43:07 UnRaid sshd[40569]: Disconnected from user root 218.92.1.142 port 33371
Jan 14 16:43:08 UnRaid login[40630]: ROOT LOGIN on '/dev/pts/4'
Jan 14 16:43:09 UnRaid telnetd[39001]: ttloop: peer died: EOF
Jan 14 16:43:09 UnRaid in.telnetd[40673]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:43:47 UnRaid telnetd[40673]: ttloop: peer died: EOF
Jan 14 16:43:47 UnRaid in.telnetd[41854]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:44:02 UnRaid sshd[42599]: Accepted none for root from 218.92.1.142 port 17803 ssh2
Jan 14 16:44:03 UnRaid sshd[42599]: Received disconnect from 218.92.1.142 port 17803:11: 
Jan 14 16:44:03 UnRaid sshd[42599]: Disconnected from user root 218.92.1.142 port 17803
Jan 14 16:44:24 UnRaid telnetd[41854]: ttloop: peer died: EOF
Jan 14 16:44:24 UnRaid in.telnetd[43498]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:45:00 UnRaid telnetd[43498]: ttloop: peer died: EOF
Jan 14 16:45:00 UnRaid in.telnetd[45017]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:45:03 UnRaid sshd[45104]: Accepted none for root from 218.92.1.142 port 53068 ssh2
Jan 14 16:45:03 UnRaid sshd[45104]: Received disconnect from 218.92.1.142 port 53068:11: 
Jan 14 16:45:03 UnRaid sshd[45104]: Disconnected from user root 218.92.1.142 port 53068
Jan 14 16:45:35 UnRaid telnetd[45017]: ttloop: peer died: EOF
Jan 14 16:45:36 UnRaid in.telnetd[46555]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:46:01 UnRaid sshd[47529]: Accepted none for root from 218.92.1.142 port 37444 ssh2
Jan 14 16:46:01 UnRaid sshd[47529]: Received disconnect from 218.92.1.142 port 37444:11: 
Jan 14 16:46:01 UnRaid sshd[47529]: Disconnected from user root 218.92.1.142 port 37444
Jan 14 16:46:11 UnRaid telnetd[46555]: ttloop: peer died: EOF
Jan 14 16:46:11 UnRaid in.telnetd[47834]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:46:16 UnRaid sshd[4192]: Received disconnect from 64.113.32.29 port 38126:11: FlowSshClientSession: disconnected on user's request
Jan 14 16:46:16 UnRaid sshd[4192]: Disconnected from user ftp 64.113.32.29 port 38126
Jan 14 16:46:46 UnRaid sshd[435]: Invalid user from 5.101.40.166 port 60882
Jan 14 16:46:46 UnRaid sshd[435]: error: Could not get shadow information for NOUSER
Jan 14 16:46:46 UnRaid sshd[435]: Failed password for invalid user from 5.101.40.166 port 60882 ssh2
Jan 14 16:46:46 UnRaid sshd[435]: Connection closed by invalid user 5.101.40.166 port 60882 [preauth]
Jan 14 16:46:52 UnRaid telnetd[47834]: ttloop: peer died: EOF
Jan 14 16:46:52 UnRaid in.telnetd[570]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:46:58 UnRaid sshd[675]: Accepted none for root from 218.92.1.142 port 26066 ssh2
Jan 14 16:46:58 UnRaid sshd[675]: Received disconnect from 218.92.1.142 port 26066:11: 
Jan 14 16:46:58 UnRaid sshd[675]: Disconnected from user root 218.92.1.142 port 26066
Jan 14 16:47:29 UnRaid telnetd[570]: ttloop: peer died: EOF
Jan 14 16:47:29 UnRaid in.telnetd[2235]: connect from 223.79.160.38 (223.79.160.38)
Jan 14 16:47:55 UnRaid sshd[3181]: Accepted none for root from 218.92.1.142 port 18752 ssh2
Jan 14 16:47:56 UnRaid sshd[3181]: Received disconnect from 218.92.1.142 port 18752:11: 
Jan 14 16:47:56 UnRaid sshd[3181]: Disconnected from user root 218.92.1.142 port 18752

 

I'm looking for ideas to correct this issue.

 

Thanks!

Matt

 

Gigabyte GA-7PESH2

2x Intel Xeon 2690v2

128gb DDR3 ECC Ram

1x 10 TB Parity

1x 10 TB

7x 6 TB

 4x 4TB

2x 2TB

1x Samsung 950 Pro 512 GB Cache

1x Samsung 960 NVME 512GB - Unassigned

Link to comment
1 hour ago, Matt Clawson said:

Jan 14 16:47:55 UnRaid sshd[3181]: Accepted none for root from 218.92.1.142 port 18752 ssh2

China

1 hour ago, Matt Clawson said:

Jan 14 16:46:16 UnRaid sshd[4192]: Disconnected from user ftp 5.101.40.166 port 38126

Ruskies

1 hour ago, Matt Clawson said:

Jan 14 16:46:16 UnRaid sshd[4192]: Received disconnect from 64.113.32.29 port 38126:11: FlowSshClientSession: disconnected on user's request

USA (Actually, some farmer in Wichita, KS)

 

Are you teleporting and/or trying to give user's access to your machine?  Or (more likely), you've forwarded 443 from your router to directly to the server and/or have the server sitting in a DMZ.  Don't do this.  Use a VPN instead or the Let'sEncrypt / nginx Proxy Manager containers to accomplish what you're trying to do.

 

Also, according to your top screenshot, bash is using 3002% of the CPU, and that is probably all related to the above, and nothing to do with your containers.

Edited by Squid
  • Upvote 1
Link to comment
39 minutes ago, Matt Clawson said:

I think the only access to the server is through Plex Remote Access with a single open port at 32400 (fairly usual for that.)

Run the port probes from this website to see how secure your server is and what ports might be exposed over the Internet.

 

Click on the Proceed button and run the Common Ports and All Service Ports scans.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.