Are you seeing weird kthread processes being executed from user’s home directory ?
For example, if you are on cPanel, are you seeing something like the file /home/user/.lesshts/kthread running and consuming the server resources ?
This looks suspicious as a kthread running with the home directory for a long time with the CPU load shooting up !
This is due to an exploitation of the ShellShock vulnerability and you should consider patching your server’s against this bug.
You check if your server is vulnerable to ShellShock by initiating the following command via SSH :
# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you see the o/p as vulnerable hello, you would need to patch it.
On latest versions of CentOS/Redhat/Fedora, you might try with
# yum upgrade bash , to update the bash.
If you are running an older version of these, you would want to manually download the RPM and upgrade.
For CentOS/RHEL 4, you might use this RPM which i have attached here and then initiate a
# rpm -Uvh bash-3.0-27.0.3.el4.i386.rpm
Get relived from the Shell-Shock !