[return to "I got hacked: My Hetzner server started mining Monero"]
1. broken+Ff1 2025-12-18 09:00:44
>>jakels+(OP)
I am not an expert in incident reaction, but I thought the safe way was to image the affected machine, turn it off, take a clean machine, boot a clean OS image with the affected image mounted read-only in a VM, and do the investigation like that?

Assume that the malware has replaced system commands, possibly used a kernel vulnerability to lie to you to hide its presence, so do not do anything in the infected system directly?
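
The image-then-mount-read-only procedure described in the comment above, sketched as an added example for the clean analysis host (not part of the thread and not written by any commenter). The function names are hypothetical, and the image is assumed to hold a single filesystem rather than a partitioned disk.

```shell
#!/bin/sh
# Added example: handling a captured disk image on a clean analysis host.
# Function names are hypothetical; the image is assumed to be one filesystem.

# Record the image hash once, right after acquisition.
record_hash() {            # record_hash <image>
    sha256sum "$1" | awk '{print $1}' > "$1.sha256"
}

# Succeeds only if the image still matches the recorded hash.
# Returns 2 when no hash was ever recorded.
verify_hash() {            # verify_hash <image>
    [ -f "$1.sha256" ] || return 2
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$(cat "$1.sha256")" ]
}

# A plain "ro" mount of ext3/ext4 or XFS still tries to replay the journal;
# noload / norecovery skip the replay. nosuid, nodev and noexec keep files
# from the suspect filesystem from being honoured as setuid binaries,
# device nodes or executables on the analysis host.
ro_mount_opts() {          # ro_mount_opts <fstype>
    base="ro,nosuid,nodev,noexec"
    case "$1" in
        ext3|ext4) echo "$base,noload" ;;
        xfs)       echo "$base,norecovery" ;;
        *)         echo "$base" ;;
    esac
}

# Attach the image to a read-only loop device and mount it (needs root).
mount_evidence() {         # mount_evidence <image> <fstype> <mountpoint>
    verify_hash "$1" || { echo "hash mismatch or missing for $1" >&2; return 1; }
    chmod a-w "$1"
    loop=$(losetup --find --show --read-only "$1") || return 1
    mount -t "$2" -o "$(ro_mount_opts "$2")" "$loop" "$3"
}
```

Running `verify_hash` again after the investigation confirms the image was not modified while it was mounted.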

2. dewey+8g1 2025-12-18 09:05:00
>>broken+Ff1
Maybe if your company infrastructure is affected, but not the server you use to host your side projects on with “coolify”, unless IT security is your hobby.