zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. danpar+Gj[view] [source] 2025-12-17 23:02:50
>>jakels+(OP)
No firewall! Wow that's brave. Hetzner will let you configure one that runs outside of the box so you might want to add that too, as part of your defense in depth - that will cover you if you make a mistake with ufw. Personally I keep SSH firewalled only to my home address in this way; if I'm out and about and need access, I can just log into Hetzner's website and change it temporarily.
◧◩
2. danw19+i91[view] [source] 2025-12-18 07:54:06
>>danpar+Gj
The only time I have ever had a machine compromised in 30 years of running Linux is when I ran something exposed to the internet on a well known port.

I know port scanners are a thing but the act of using non-default ports seems unreasonably effective at preventing most security problems.

◧◩◪
3. tonypl+jm3[view] [source] 2025-12-18 20:49:52
>>danw19+i91
If you do any npm install, pip install ..., docker pull ... / docker run ... , etc in linux. It is very easy to get compromise.

I did docker pull a few times base on some webpost (looks reasonable) and detect app/scripts from inside the docker connect to some .ru sites immediately or a few days later....

[go to top]