cloudstack-users mailing list archives

From Hean Seng <heans...@gmail.com>
Subject Re: Brute force SSH trojan
Date Sun, 22 Nov 2020 14:38:32 GMT
Hi

You did not change the password, and all using the default password?

On Sun, Nov 22, 2020 at 4:59 PM <rvalle@livelens.net.invalid> wrote:

> Hi Community!
>
> Congratulations to the new committers.
>
> One VM in a test environment was infected by a brute force SSH trojan.
>
> The OS is debian-9, the template from openvm.eu
>
> It had only SSH (22) and iperf (5001) services running and reachable from
> anywhere.
>
> I believe this article is related because of the tar file (dota3.tar.gz)
> that I found on the system:
>
> https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/
>
> I have a snapshot of the ROOT volume in case anybody is interested to
> review it.
>
> I suspect they got in via SSH, but I wonder how as only one KEY was set up
> (no password). I am trying to find out more information.
>
> Has anybody experienced this?
>
> Regards,
> Rafael
>


-- 
Regards,
Hean Seng
