Over the weekend one of the virtual servers that I host was compromised and since then I've had all sorts of problems popping up.

The latest one is Apache taking 100% cpu usage as soon as it's started and staying like that until it is killed off.

ps aux returns:


strace on the process returns this, spamming very very quickly over and over again.

select(8, [3], NULL, NULL, {0, 0}) = 0 (Timeout)

access_log on the site returns:


It looks like a wordpress cron is being accessed very quickly from a remote IP.


If your system was hacked, don't try to troubleshoot this problem. You gotta do a full reinstall. Unless you are really skilled in this field, you'll never know if your system still has any root kits installed that will continue to cause problems. The only sure way is to nuke your whole system and reinstall.

