Process suddenly starts using lots of CPU

I have a java chat socket (nexusServer) running on my system. Under normal circumstances, it only uses few resources as it's just a socket passing on data to the actual IRC channel, not a full IRC application itself.

A couple of days ago, nexusServer suddenly started to go really heavily on the CPU (80-100%), and using "top" I could also see that the time running was climbing almost identical to real time (under normal use, it usually stays at 0:00 because the connection times are really short). I watched it for a bit, and after 1:30 hours finally killed the process. I waited a while, then restarted it, and again for about a minute it did the same thing (going heavy on the CPU) and then suddenly went back to normal.

I am assuming that someone was massively scanning the particular port, or that it was maybe even a DoS attack of some kind. Needless to say that I am somewhat concerned. I've only had the server for a couple of months, and although I am trying to learn, I am still far from being an expert. So is my assessment/guess correct that such a behavior can be triggered from the outside without security having been compromised? And I assume that whether or not such an event might LEAD to a security compromise basically relies on the program listening to that port (nexusServer in this case) and whether or not it has some security flaw (leading to a stack overflow or whatever) that the attacker can use to his advantage?

Or am I totally on the wrong track and what I have described can much more likely be caused by...?

Many thanks in advance!
yosmc Asked:

paullamhkg Commented:
Not so sure whether it is hacking activity or the program has a leak; anyway, have a look here for setting up a secure Linux: http://www.tldp.org/HOWTO/Security-HOWTO/index.html. At least you can protect your Linux box.
0
yosmc (Author) Commented:
Thanks for the link, Paul (actually that's one of the pages I used when I set up the server, but it's a good idea to check into it again). What about the leak theory? I'm currently leaning slightly into that direction, because the chat socket also showed above behavior after the last "regular" chat session. However, while I think I understand how a leak can eat up more and more RAM, I'm not quite sure how it can consume more and more CPU time. Any ideas?
0
yosmc (Author) Commented:
This problem is still haunting me. I am pretty sure by now that there is actually some sort of "leak" - essentially, when we have a scheduled chat, the CPU usage slowly rises but never goes back, even when the chat is over and everyone is gone.

I'm kinda lost here, because (as stated above) I can understand how a leak can consume your RAM, but not sure how this might work with CPU time. I'm not looking for the ultimate wisdom here - any hints and even guesses are welcome, whoever inspires me to find a solution will get the points.
0
mac_ Commented:
Does nexusServer really close the closed sockets after a while? (have a look at netstat -an)

Is there IP traffic on this port? (tcpdump)

At worst (and if it still haunts you), you can try to debug the program by running it in a debugger or profiler...
0
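The socket-state check suggested in the answer above, as an added example that is not part of the original thread: it tallies TCP states for one local port from `netstat -an` output. Port 6667 and the sample lines are constructed for illustration; a CLOSE_WAIT count that keeps growing means peers have disconnected but the server has not closed its side.

```shell
#!/bin/sh
# Added example: summarise TCP states for one local port from `netstat -an`.
# Port 6667 and the sample netstat lines below are constructed, not from the thread.

# state_counts PORT: reads `netstat -an` text on stdin and prints "STATE COUNT"
# for every TCP socket whose local address ends in PORT.
state_counts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            n = split($4, a, /[:.]/)        # column 4 = local address
            if (a[n] == port) count[$6]++   # column 6 = TCP state
        }
        END { for (s in count) print s, count[s] }
    ' | sort
}

# count_state PORT STATE: number of sockets on PORT that are in STATE.
# CLOSE_WAIT = remote end closed, local program has not called close() yet.
count_state() {
    state_counts "$1" | awk -v st="$2" '$1 == st { c = $2 } END { print c + 0 }'
}

# Constructed sample in Linux net-tools format.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:6667         198.51.100.7:51234      ESTABLISHED
tcp        1      0 192.0.2.10:6667         198.51.100.8:40112      CLOSE_WAIT
tcp        1      0 192.0.2.10:6667         198.51.100.9:40113      CLOSE_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.5:60022       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# On a live host: netstat -an | state_counts 6667
sample_netstat | state_counts 6667
```

Running the live form every few minutes after a chat has ended shows whether the CLOSE_WAIT figure drains back to zero or stays put.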
yosmc (Author) Commented:
Thanks for the suggestions. It seems like I was finally able to solve the problem (knocking on wood), and the solution was quite interesting!

In the end, requiring a higher version of Flash from the user clients did the trick. Seems like the problem only occurred when someone connected to the chat who was running Flash 5 on his machine. Saving the client in Flash 6 and forcing everyone to upgrade obviously made the problem go away. A friend pointed me to this possibility - I had never thought of it! :)
0
paullamhkg Commented:
Since you solved your problem yourself, please post a 0-point request to EE admin here http://www.experts-exchange.com/Community_Support/ requesting that the question be closed and points refunded :)
0
Lunchy Commented:
PAQed, with points refunded (500)

Lunchy
Friendly Neighbourhood Community Support Admin
0