zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. tgtwea+Bf[view] [source] 2025-12-17 22:37:20
>>jakels+(OP)
Just a note - you can very much limit cpu usage on the docker containers by setting --cpus="0.5" (or cpus:0.5 in docker compose) if you expect it to be a very lightweight container, this isolation can help prevent one roudy container from hitting the rest of the system regardless of whether it's crypto-mining malware, a ddos attempt or a misbehaving service/software.
◧◩
2. fragme+wj[view] [source] 2025-12-17 23:01:56
>>tgtwea+Bf
The other thing to note is that docker is for the most part, stateless. So if you're running something that has to deal with questionable user input (images and video or more importantly PDFs), is to stick it on its own VM and then cycle the docker container every hour and the VM every 12, and then still be worried about it getting hacked and leaking secrets.
[go to top]