cloudstack-users mailing list archives

From rva...@livelens.net.INVALID
Subject Brute force SSH trojan
Date Sun, 22 Nov 2020 08:35:12 GMT

Hi Community!

Congratulations to the new committers.

One VM in a test environment was infected by a brute force SSH trojan. 

The OS is debian-9, the template from openvm.eu.

It had only SSH (22) and iperf (5001) services running and reachable from anywhere. 

I believe this article is related because of the tar file (dota3.tar.gz) that I found on the
system:

https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/

I have a snapshot of the ROOT volume in case anybody is interested to review it.

I suspect they got in via SSH, but I wonder how, as only one KEY was set up (no password). I
am trying to find out more information.

Has anybody experienced this?

Regards,
Rafael
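
The question raised in the message above (entry via SSH on a host believed to be key-only) can be narrowed by checking which authentication method sshd actually accepted. The following is an added example, not part of the original message: the log lines are constructed in the usual OpenSSH syslog format, and `triage` and `min_failures` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample lines in sshd syslog format (assumed location on Debian: /var/log/auth.log).
SAMPLE_LOG = """\
Nov 21 03:10:01 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 21 03:10:03 vm1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Nov 21 03:10:05 vm1 sshd[815]: Failed password for root from 203.0.113.7 port 40131 ssh2
Nov 21 03:10:09 vm1 sshd[819]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Nov 21 09:02:44 vm1 sshd[990]: Accepted publickey for ops from 198.51.100.20 port 51514 ssh2: RSA SHA256:CONSTRUCTED
"""

# Matches both outcomes; "invalid user" only appears on failures for unknown accounts.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, min_failures=3):
    """Return accepted logins that contradict a key-only setup or follow repeated failures."""
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
            continue
        reasons = []
        if m["method"] != "publickey":
            reasons.append("accepted without a key: " + m["method"])
        if failures[m["ip"]] >= min_failures:
            reasons.append("%d failed attempts from this source first" % failures[m["ip"]])
        if reasons:
            findings.append({"user": m["user"], "ip": m["ip"],
                             "method": m["method"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

An accepted `password` login in the real log would mean password authentication was still enabled in the effective sshd configuration, whatever keys were installed.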
