zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. except+Jp[view] [source] 2025-12-17 23:43:39
>>jakels+(OP)
The first step I would take is running podman instead of Docker to prevent container escapes. Podman can be run truly rootless and doesn't mess with your firewall. Next I would drop all caps if possible.
◧◩
2. doodle+7q[view] [source] 2025-12-17 23:46:09
>>except+Jp
What's the difference between running Podman and running Docker in rootless mode? (Other than Docker messing with the firewall, which apparently OP doesn't know about… yet). I understand Podman doesn't require a daemon, but is that all there is to it, or is there something I'm missing?
[go to top]