For about 2 weeks I have been receiving this email at root@domain.ch:
*** SECURITY information for domain.ch ***
domain.ch : Nov 16 11:31:01 : ftp : user NOT in sudoers ; TTY=unknown ; PWD=/srv/ftp ; USER=root ; COMMAND=/sbin/sysctl kernel.nmi_watchdog=0
The notification comes in intervals between 1 to 60 minutes.
Is that an ehcp force problem?
I haven't made any updates since then.
My OS is Debian 10, php7.3, Xenforo 2.1
A colleague has exactly the same thing.
Edit:
I found the mining virus and remove with this tutorial.
I hope is not a vulnerability in EHCP force......