For home server when no other users then you know have access, probably the spectre , meltdown bug isn’t the issue here. (if so then the firmware …)
But you have to check very precise where come from open acces to server from outside or inside, when security is OK, then this could be comming from something trusted or person inside your network. ( though this part itself could be hacked from outside)
So be very carefull when “hacked” local Network Servers, devices, IOT sh…t, webcams, smartdevices, whatever, then they are in your private trusted …
Windows —Linux networks and for all not updated then such hacks could be causing by SMB (such as vulnerable Samba file sharing servers) because the vulnerability is exploitable via the SMB protocol, and because the issue came to light so close to the WannaCry ransomware outbreak, some researchers started referring to the bug as SambaCry or EternalRed.
Wen not realy hacked but cause is a “virus” or other Bogus programm please check also, and notify the “antivirus” Programm makers. you use…
Old Software versions!
You can try if local network to check find trafic out… https://www.wireshark.org/
CSF if used i think should have send you a notice for strange root behaveoir
For all readers.
Main basic causes for hacked networks are:
That a lot of different protocols, devices and different OS also the diverge version, has to talk to eachother.
If some are to old and/or have Security flaws, or even worse default setups / admin/root access then mostly your complete network is unsafe, while mostly to much trusted out of own network! ( also in that view BYOD and the Users themselves…)
And warning never ever asume if only 1 device in network seems hacked or have a bogus programm the rest of your devices is not and should be safe
For the topic starter a good thing could be that they only are wanting “MINER” Machines so have a look at you other devices for exactly that kind off things
Also you use older php and mariadb it seems (PHP versions 5.4.16) when this is in special for 1 or more APPS then these apps could be to old and have some flaws to. ( apps not updated for using newer PHP then 5.4.x i think you can’t really trust anymore ? )