Serious - Need help - CentOS8 - VM - Probably compromised
Ok, so finally it happened. A couple days ago, I installed CentOS8 on a VM... nothing else is configured. It's a brand new custom ISO install.
Today, I was checking the graphs/stats and it looks like the server has been maxing CPU for the past 2 days and outbound network activity is happening at almost full port speed...
I am perplexed as to what may have happened. I have shut down the VM for now... to make sure nothing more bad can happen (I think).
I know a quick fix is to reinstall... Since there is no data on the server as it's a fresh install, I am OK to do that, but I would rather learn on troubleshooting this.
Is there something I can check to find out what was the reason for the outbound connectivity? Is my server compromised? If yes, what logs can I check? How can I know if some malicious user is wreaking havoc? What is it that was causing the 100% CPU (per provider's chart)?
Any advice is appreciated.
Thanks in advance.