Confluence has recently started running at a pegged 100% CPU utilization (with no traffic) even though it usually hovers around 20-40% even with heavy traffic. I went to stop Confluence to investigate, but can't.
When I try to stop Confluence gracefully, it fails with
PID file found but either no matching process was found or the current user does not have permission to stop the process. Stop aborted.
When I try to just force stop it by killing its process using `kill -9 PID`, it kills it but the process just restarts with a different PID seconds later. I don't have Confluence auto-restart on or set up, so it should just kill it. Why is the process being recreated?!
Thank you!
Hi Peter,
What version of Confluence do you have installed currently?
The symptoms you described match an active exploit that attacks the CVE-2019-3396 Widget Connector vulnerability from March 20th (see Confluence Security Advisory - 2019-03-20). We've seen attackers infect servers with malware that tries to mine bitcoin. The malware runs under the confluence system user account, consumes all the CPU, and relaunches itself every few minutes if you kill the process.
If you're on a vulnerable version, the first step in fixing this is upgrading Confluence. The latest releases are:
Secondly, the LSD malware cleanup tool will be useful for removing the Kerberods malware. I would recommend executing cleanup after upgrading Confluence to a patched version so there's no possibility of re-infection while you work on the upgrade.
Please let me know if you have more questions!
Daniel | Atlassian Support
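A triage sketch for the behaviour described in the answer above, added here as an example and not part of the original thread or of Atlassian's tooling: it lists processes owned by the Confluence service account that are not the Confluence JVM, then narrows to ones that started recently under PID 1. The account name `confluence`, the expected command name `java`, and the sample `ps` rows are assumptions or constructed values.

```shell
#!/bin/sh
# Added triage example. Assumptions: the service account is "confluence"
# and the only command it should legitimately run is the Confluence JVM.
SVC_USER="${SVC_USER:-confluence}"
EXPECTED_COMM="${EXPECTED_COMM:-java}"

# Constructed sample of: ps -eo pid,ppid,user:32,pcpu,etimes,comm
# (user:32 stops ps from truncating account names longer than 8 chars)
sample_ps() {
cat <<'EOF'
  PID  PPID USER                             %CPU ELAPSED COMMAND
  812     1 confluence                       12.4  864000 java
 4021     1 confluence                       99.8      95 sample-miner
 4077  4021 confluence                        0.0      90 sh
  950     1 postgres                          1.2  864000 postgres
EOF
}

# Reads ps output on stdin. Prints "pid ppid pcpu etimes comm" for every
# process owned by $SVC_USER whose command is not the expected JVM.
flag_unexpected() {
  awk -v u="$SVC_USER" -v ok="$EXPECTED_COMM" \
    'NR > 1 && $3 == u && $6 != ok { print $1, $2, $4, $5, $6 }'
}

# Of the flagged processes, prints "pid comm" for those whose parent is
# PID 1 and that started less than $1 seconds ago (default 600). A young,
# detached process next to a long-running JVM is consistent with something
# relaunching it after each kill.
recent_detached() {
  flag_unexpected |
    awk -v m="${1:-600}" '$2 == 1 && ($4 + 0) < (m + 0) { print $1, $5 }'
}

# Demo on the constructed sample. On a live host, replace sample_ps with:
#   ps -eo pid,ppid,user:32,pcpu,etimes,comm
echo "Unexpected processes for $SVC_USER:"
sample_ps | flag_unexpected
echo "Recently started and detached:"
sample_ps | recent_detached 600
```

Re-running the live command after a `kill` shows whether the same command name returns with a new PID and a small elapsed time; the thread does not name the relaunch mechanism, so where to look next (for example the account's scheduled jobs) is left to the investigator.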