Hoping someone can help me with this very puzzling problem?
Randomly on Monday, one of our sites using Zeroshell started seeing SLOW DNS requests and internet. We checked with the ISP, no problems, so we checked the router.
We looked into our Zeroshell router and noticed that named was using nearly 40% CPU usage!? And ldapd was also using nearly 40% usage.
When loading a page it would take about a minute or 2 to look for the IP of a DNS name, then spring into life!
We also noticed on our SYSLOG server that we were getting
‘[Cron Database]: Running …’ repeating every 2 minutes ???
coming from our Zeroshell router, and we managed to trace it back to the Cron Database script and the line
‘/DB/.DB.001’
If we # out that line, the server resumes normal usage and everything speeds up, but take out the # and it starts playing funny again 🙁
We also noticed that all of our logs from previous months on the Zeroshell had vanished too! Thankfully we had the syslog stuff on our servers.
Round about the time this Cron Database started showing up, I noticed this in our syslogs:
‘(root) REPLACE (root)’ and ‘(CRON) STARTUP (V5.0)’
Have we possibly come under attack by a hacker, maybe, and he's gained access?
Is it as simple as Zeroshell having changed something and the Zeroshell doesn't like it?