cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Brute force SSH trojan
Date Sun, 22 Nov 2020 08:35:12 GMT
​Hi Community!

Congratulations to the new committers.

One VM in a test environment was infected by a brute force SSH trojan. 

The OS is debian-9 , the template from

It had only SSH (22) and iperf (5001) services running and reachable from anywhere. 

I believe this article is related because of the tar file (dota3.tar.gz) that I found on the
I have a snapshot of the ROOT volume in case anybody is interested to review it.

I suspect they got in via SSH, but I wonder how as only one KEY was setup (no password). I
am trying to find out more information.

Has anybody experienced this ? 


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message