I had an issue with one of my staging servers on DigitalOcean, running Ubuntu 20.04. CPU utilization was at 100% for a couple of hours, and I knew something had to be up. Upon further investigation, I found that 100% of my CPU was being utilized by a process called “kdevtmpfsi”.
After some Googling, I found that this was crypto-miner malware. However, everything I found on how to remove it was about people using Docker containers and Redis, but I wasn’t. It was a very basic Ubuntu image, running Nginx and serving up PHP content.
None of the other solutions seemed to work for me, so I had to find my own. The following commands seemed to work for me. I’ve regained my CPU usage, and haven’t had any further issues.
sudo kill -9 <PID>   # <PID> is a placeholder: the process ID as shown by top or ps
sudo kill -9 <PID>
sudo rm -f /tmp/kdevtmpfsi
sudo rm -f /var/tmp/kinsing
sudo rm -f /tmp/kinsing
sudo apt install ufw
sudo ufw allow 80          # enable port 80, if needed
sudo ufw allow 443         # enable port 443, if needed
sudo ufw allow "OpenSSH"   # enable SSH connections, if it's not already and it's needed
sudo ufw deny 9000
sudo ufw enable
After making these changes, I’ve been running for a solid week without any other issues. Previously, all other fixes I had tried would work for about an hour, and then come back.
Hope this helps!
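A follow-up check for the cleanup above, added here as an example and not part of the original post: it looks for the three file paths removed above, for processes with the two names, and for a listener on port 9000 bound to a non-loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-cleanup checks for the kdevtmpfsi/kinsing artifacts named in the post.

# File paths removed in the post.
MINER_PATHS="/tmp/kdevtmpfsi /var/tmp/kinsing /tmp/kinsing"

# Print each miner path that exists under ROOT (empty ROOT = live filesystem).
leftover_files() {
  root="${1:-}"
  for p in $MINER_PATHS; do
    if [ -e "$root$p" ]; then echo "$p"; fi
  done
  return 0
}

# Read `ss -ltnH` output on stdin; print local addresses listening on
# port 9000 that are not bound to loopback only.
exposed_9000() {
  awk '$1 == "LISTEN" && $4 ~ /:9000$/ && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Read `ps -eo pid,user,comm` output on stdin; print matching processes.
miner_procs() {
  awk '$3 == "kdevtmpfsi" || $3 == "kinsing" { print $1, $2, $3 }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:9000 [::]:*'
SAMPLE_PS='  PID USER     COMMAND
  812 root     nginx
 4242 www-data kdevtmpfsi'

echo "Port 9000 listeners not limited to loopback (sample):"
printf '%s\n' "$SAMPLE_SS" | exposed_9000
echo "Miner processes (sample):"
printf '%s\n' "$SAMPLE_PS" | miner_procs

# On a live host:
#   leftover_files
#   ss -ltnH | exposed_9000
#   ps -eo pid,user,comm | miner_procs
```

The port check reports what is bound, not what is reachable, so a listener that ufw blocks still shows up. Ports published by Docker are handled by Docker's own iptables rules and are commonly not filtered by ufw, which matters if port 9000 is published from a container.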
Also, removing the cronjob and creating new readonly files with the same names would help.
Like advised here: https://stackoverflow.com/questions/60151640/kdevtmpfsi-using-the-entire-cpu
Thanks!! I’ve been struggling with this for a while
kdevtmpfsi comes from the official php:7-fpm Docker image.
# php:
#   image: php:7-fpm
#   restart: unless-stopped
#   ports:
#     - "9000:9000"
Thanks for your post, it was very helpful. I just had this problem today, and the processes were associated with the user ID belonging to Docker.
Doesn’t work for me.