zlacker

[return to "A story on home server security"]
1. gobble+3c 2025-01-05 14:53:22
>>todsac+(OP)
> Fortunately, despite the scary log entries showing attempts to change privileges and delete critical folders, it seemed that all the malicious activity was contained within the container.

OP can't prove that. The only way is to scrap the server completely and start with a fresh OS image. If OP has no backup and Ansible repo (or anything similar) to configure a new home server quickly, then I guess another valuable lesson was learned here.

2. diggan+Nc 2025-01-05 15:01:44
>>gobble+3c
Not 100% sure what you mean by "scrapping" the server; do you suggest just re-installing the OS? I'd default to assuming the hardware itself is compromised somehow, if I'm assuming someone had root access. If you were doing automated backups from something you assume was compromised, I'm not sure restoring from backups is a great idea either.