LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 04-03-2023, 01:33 PM   #1
tellme
LQ Newbie
 
Registered: Jul 2011
Posts: 5

Rep: Reputation: Disabled
get rid of user nobody running high cpu process fiberlamp after killing process fuzzyflakes returns


I have a user nobody running a process named fiberlamp that uses high CPU on my old Ubuntu 12.04 mailserver.

In the top command the process is in the top 3 of processes:
23792 nobody 30 10 32744 2328 1524 S 9 0.0 0:50.85 fiberlamp

When I killed the process (sudo kill 23792), the user nobody comes back with process fuzzyflakes


  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1572 root      20   0  159m  46m  14m S   39  0.8 528:33.38 Xorg
 1320 nobody    30  10 32076 1784 1420 S    4  0.0   0:15.72 fuzzyflakes
11598 bind      20   0  739m  88m  13m S    2  1.5   0:33.90 named
 1344 ebox      20   0 10956 2080  896 S    1  0.0   0:17.66 redis-server
 2894 root      20   0 1875m 215m  62m S    0  3.7   2:42.19 firefox
12036 root      20   0  516m  32m 1648 S    0  0.6   0:01.72 samba
12059 root      20   0  210m 3044 1620 S    0  0.1   0:01.03 nmbd


Where to find the file or command that triggers this malware, or how to disable user nobody from running processes?

thanks for all input
Alex
 
Old 04-03-2023, 01:40 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,753

Rep: Reputation: 7983
Quote:
Originally Posted by tellme
I have a user nobody running a process named fiberlamp that uses high CPU on my old Ubuntu 12.04 mailserver. In the top command the process is in the top 3 of processes:

23792 nobody 30 10 32744 2328 1524 S 9 0.0 0:50.85 fiberlamp

When I killed the process (sudo kill 23792), the user nobody comes back with process fuzzyflakes
Code:
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1572 root      20   0  159m  46m  14m S   39  0.8 528:33.38 Xorg
 1320 nobody    30  10 32076 1784 1420 S    4  0.0   0:15.72 fuzzyflakes
11598 bind      20   0  739m  88m  13m S    2  1.5   0:33.90 named
 1344 ebox      20   0 10956 2080  896 S    1  0.0   0:17.66 redis-server
 2894 root      20   0 1875m 215m  62m S    0  3.7   2:42.19 firefox
12036 root      20   0  516m  32m 1648 S    0  0.6   0:01.72 samba
12059 root      20   0  210m 3044 1620 S    0  0.1   0:01.03 nmbd
Where to find the file or command that triggers this malware, or how to disable user nobody from running processes?

thanks for all input
Alex

Did you look for either of those program names?? They are the names of screensavers, not 'malware'. When you kill one, the next screensaver in the list comes on. 99.x% certain you have a screensaver on your console that's running. Don't....screensavers are HORRIBLE for security, and fairly useless. Go to your console, and disable your screensaver.
 
2 members found this post helpful.
Old 04-03-2023, 06:01 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,691
Blog Entries: 4

Rep: Reputation: 3947
Yes, and of course the "nobody" user is ... well ... "nobody at all." This UID is commonly selected when there isn't a real user. Nothing to be concerned about.

"nobody" is a user and belongs to a group that "nobody" belongs to – and has no privileges whatsoever.

Last edited by sundialsvcs; 04-04-2023 at 09:30 AM.
 
1 members found this post helpful.
Old 04-04-2023, 04:59 AM   #4
rpenny
Member
 
Registered: Jul 2019
Posts: 83

Rep: Reputation: Disabled
I would be more worried that you are still running Ubuntu 12.04, that is long dead.
 
1 members found this post helpful.
Old 04-04-2023, 01:33 PM   #5
tellme
LQ Newbie
 
Registered: Jul 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
This is how I solved this high cpu process fiberlamp/fuzzyflakes by user nobody

Quote:
Originally Posted by tellme
I have a user nobody running a process named fiberlamp that uses high CPU on my old Ubuntu 12.04 mailserver.

In the top command the process is in the top 3 of processes:
23792 nobody 30 10 32744 2328 1524 S 9 0.0 0:50.85 fiberlamp

When I killed the process (sudo kill 23792), the user nobody comes back with process fuzzyflakes


  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 1572 root      20   0  159m  46m  14m S   39  0.8 528:33.38 Xorg
 1320 nobody    30  10 32076 1784 1420 S    4  0.0   0:15.72 fuzzyflakes
11598 bind      20   0  739m  88m  13m S    2  1.5   0:33.90 named
 1344 ebox      20   0 10956 2080  896 S    1  0.0   0:17.66 redis-server
 2894 root      20   0 1875m 215m  62m S    0  3.7   2:42.19 firefox
12036 root      20   0  516m  32m 1648 S    0  0.6   0:01.72 samba
12059 root      20   0  210m 3044 1620 S    0  0.1   0:01.03 nmbd


Where to find the file or command that triggers this malware, or how to disable user nobody from running processes?

thanks for all input
Alex

Thanks for all input, so I have solved this problem and user TB0ne is absolutely right, it was related to the xscreensaver process, so I killed that and so far the system works like a rocket again!!! These were my actions, thx all!

Code:
root@linuxserver:~# < /etc/passwd grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
root@linuxserver:/etc# sudo chsh -s /usr/sbin/nologin nobody    # disable and deny shell (sh) for user nobody
root@linuxserver:/etc# < /etc/passwd grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

root@linuxserver:/etc# ps aux | grep nobody
nobody    2884  0.0  0.0  59640  3864 ?        S    03:52   0:00 xscreensaver -no-splash
root     13648  0.0  0.0   8124   940 pts/13   S+   20:58   0:00 grep --color=auto nobody
root@linuxserver:/etc# killall -9 xscreensaver

Last login: Mon Apr 3 19:32:59 2023 from 192.XXX.XXX.XXX
root@linuxserver:~# ps aux | grep nobody
root     32624  0.0  0.0   8120   944 pts/12   S+   02:04   0:00 grep --color=auto nobody
root@linuxserver:~#

Last login: Tue Apr 4 02:04:14 2023 from 192.XXX.XXX.XXX
root@linuxserver:~# ps aux | grep nobody
root     16280  0.0  0.0   8120   940 pts/12   S+   20:21   0:00 grep --color=auto nobody
root@linuxserver:~#
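
Added example, not part of any post in this thread: a small triage helper that walks a process's parent chain, which is what reveals why killing fiberlamp only brought back fuzzyflakes (the parent, xscreensaver, starts the next one). The function names `ancestry` and `respawner` are hypothetical, and the sample table is constructed: the PIDs, users and command names come from the thread, while the PPID column and the init row are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout of `ps -eo pid,ppid,user,comm`.
# PID/USER/COMMAND values are taken from the thread; the PPID column
# and the init row are assumptions made for illustration.
SAMPLE_PS='  PID  PPID USER     COMMAND
    1     0 root     init
 1572     1 root     Xorg
 2884     1 nobody   xscreensaver
23792  2884 nobody   fiberlamp
11598     1 bind     named'

# ancestry PID [PS_TEXT]
# Print "command(user)" for PID and each ancestor up to PID 1, joined
# by " <- ". Without PS_TEXT the live process table is read.
ancestry() {
    _text=${2:-$(ps -eo pid,ppid,user,comm)}
    printf '%s\n' "$_text" | awk -v start="$1" '
        NR > 1 { ppid[$1] = $2; who[$1] = $4 "(" $3 ")" }
        END {
            p = start; n = 0
            while ((p in who) && n++ < 64) {   # n bounds a malformed table
                out = out (out == "" ? "" : " <- ") who[p]
                if (p == 1) break
                p = ppid[p]
            }
            print out
        }'
}

# respawner PID [PS_TEXT]
# Print only the direct parent command: the process to stop or
# reconfigure instead of killing the child again and again.
respawner() {
    ancestry "$1" "$2" |
        awk -F' <- ' '{ sub(/\(.*/, "", $2); print $2 }'
}

ancestry 23792 "$SAMPLE_PS"
respawner 23792 "$SAMPLE_PS"
```

On a live host, call `ancestry <pid>` with no second argument; `readlink /proc/<pid>/exe` followed by `dpkg -S` on the resulting path then shows whether the binary belongs to an installed package.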
 