zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. p0w3n3+Y01[view] [source] 2025-12-18 06:24:54
>>jakels+(OP) 

  $ sudo ufw default deny incoming
  $ sudo ufw default allow outgoing
  $ sudo ufw allow ssh
  $ sudo ufw allow 80/tcp
  $ sudo ufw allow 443/tcp
  $ sudo ufw enable
As a user of iptables this order makes me anxious. I used to cut myself out from the server many times because first blocking then adding exceptions. I can see that this is different here as the last command commits the rules...
◧◩
2. kgeist+Gv1[view] [source] 2025-12-18 11:25:50
>>p0w3n3+Y01
I had this one too: I first denied all incoming requests and was about to allow SSH, but my SSH connection dropped :) Fortunately, I was able to restore the VM with the provider's VM console.
[go to top]