Any detective to help with quest? Virus/worm on Ubuntu. Can not connect :(
I have 512 MB Memory / 20 GB Disk / AMS3 - Ubuntu LAMP on 14.04 droplet.
I have installed Prestashop.
It was working for few months. But now it does not. Now:
- Does not ping from outer world ("Request timeout for icmp_seq 0".)
- Ic an not ssh to it ("ssh: connect to host 188.166.xx.xx port 22: Operation timed out")
- I can access it only with native DigitalOcean Droplet Console.
In DigitalOcean Droplet Panel I see:
- CPU usage almost constantly around 13%. (12 aug 2016 — CPU dropped from 14.5% avg flat to 13% avg flat.)
- Public in/outbound: 0.
- Constantly I see writing to disk: 0.6Mb/s At around 17:30 every day I see regular spike to CPU 19%, Disk read 1Mb/s, Disk write 1Mb/s.
If from the DigitalOcean Droplet Console:
- I can not ping www.google.com
- Can not see process list with ps or top — it hangs forever. Until I restart the Droplet.
I have created another Droplet. But from there I can not connect to my first droplet neither:
root@ubuntu-512mb-ams3-01:~# ssh 188.166.xx.xx -v -v -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g-fips 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: /etc/ssh/ssh_config line 59: Applying options for *
debug2: resolving "188.166.xx.xx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 188.166.xx.xx port 22.
debug1: connect to address 188.166.xx.xx port 22: No route to host
ssh: connect to host 188.166.xx.xx port 22: No route to host
Same "No route to host" if I go to "First" droplet and try to ssh to the "New" one.
The "First" Droplet Console lags quite a lot comparing to "New" one. So something is running there, but I can not see a process list.
Please help to either restore proper control.
To copy DB data and archived prestashop. (Already did tgz and mysqldump.)
Maybe list me some commands you think might try. I would really appreciate your help, guys!