I had an issue with one of my staging servers on Digital Ocean, running Ubuntu 20.04. CPU utilization was at 100% for a couple of hours, and I knew something had to be up. Upon further investigation, I found that 100% of my CPU was being utilized by a process called “kdevtmpfsi”.
After some Googling, I found that this was a crypto-miner malware. However, everything I found on how to remove it was regarding to people using Docker containers and Redis — but I wasn’t. It was a very basic Ubuntu image, running Nginx and serving up PHP content.
None of the other solutions seemed to work for me, so I had to find my own. The following commands seemed to work for me. I’ve regained my CPU usage back, and haven’t had any further issues.
sudo kill -9
sudo kill -9
sudo rm -f /tmp/kdevtmpfsi sudo rm -f /var/tmp/kinsing sudo rm -f /tmp/kinsing
sudo apt install ufw sudo ufw allow 80 #enable port 80, if needed sudo ufw allow 443 #enable port 443, if needed sudo ufw allow "OpenSSH" #enable SSH connections, if it's not already and it's needed sudo ufw deny 9000 sudo ufw enable
After making these changes, I’ve been running for a solid week without any other issues. Previously, all other fixes I had tried would work for about an hour, and then come back.
Hope this helps!