zlacker

[return to "I got hacked: My Hetzner server started mining Monero"]
1. danpar+Gj 2025-12-17 23:02:50
>>jakels+(OP)
No firewall! Wow that's brave. Hetzner will let you configure one that runs outside of the box so you might want to add that too, as part of your defense in depth - that will cover you if you make a mistake with ufw. Personally I keep SSH firewalled only to my home address in this way; if I'm out and about and need access, I can just log into Hetzner's website and change it temporarily.
◧◩
2. tete+7u 2025-12-18 00:18:39
>>danpar+Gj
Firewalls in the majority of cases don't get you much. Yes, it's a last line of defense if you do something really stupid and don't even know where or what you configure your services to listen on, but if you don't, the difference between running firewalls and not is minuscule.

There are way more important things like actually knowing that you are running software with widely known RCE that don't even use established mechanisms to sandbox themselves it seems.

The way the author describes docker being the savior appears to be sheer luck.

◧◩◪
3. danpar+7U 2025-12-18 05:07:33
>>tete+7u
The author mentioned they had other services exposed to the internet (Postgres, RabbitMQ), which increases their attack surface area. There may be vulnerabilities or misconfigurations in those services, for example.

Good security is layered.

◧◩◪◨
4. seszet+cX 2025-12-18 05:42:55
>>danpar+7U
But if they have to be exposed then a firewall won't help, and if they don't have to be exposed to the internet then a firewall isn't needed either; just configure them not to listen on non-local interfaces.
◧◩◪◨⬒
5. spoace+l21 2025-12-18 06:41:58
>>seszet+cX
This sounds like an extremely effective foot gun.

Just use a firewall.

◧◩◪◨⬒⬓
6. vultou+Rr1 2025-12-18 10:52:53
>>spoace+l21
If you're at a point where you are exposing services to the internet but you don't know what you're doing, you need to stop. Choosing what interface to listen on is one of the first configuration options in pretty much everything; if you're putting in 0.0.0.0 because that's what you read on some random blogspam "tutorial", then you are nowhere near qualified to have a machine exposed to the internet.
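
Added example, not written by any participant in this thread: a small Python check for the bind-address question debated above, which parses `ss -H -tln` style output and separates loopback-only listeners from those bound to all interfaces (`0.0.0.0`, `[::]`, `*`) or to a specific non-loopback address. The sample lines, ports and function names are constructed for illustration, and the column layout assumed is State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.

```python
import ipaddress

# Constructed sample in the shape of `ss -H -tln` output (not from the thread).
SAMPLE = """\
LISTEN 0 4096 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 [::]:5672 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:22 *:*
LISTEN 0 511 203.0.113.10:443 0.0.0.0:*
"""


def classify(host):
    """Return 'all-interfaces', 'loopback' or 'specific' for a bind address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific"


def parse_listeners(text):
    """Yield (host, port, kind) for every LISTEN line in ss-style output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # last ':' separates the port
        listeners.append((host, int(port), classify(host)))
    return listeners


def exposed_ports(text):
    """Ports reachable from outside the host unless a firewall blocks them."""
    return sorted(p for _, p, kind in parse_listeners(text) if kind != "loopback")


if __name__ == "__main__":
    for host, port, kind in parse_listeners(SAMPLE):
        print(f"{port:>5}  {host:<16} {kind}")
```

Every port this reports as not loopback-only either needs to be public or is a candidate for rebinding or a firewall rule, whichever side of the argument above you take.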
◧◩◪◨⬒⬓⬔
7. herman+742 2025-12-18 15:11:43
>>vultou+Rr1
"Don't do anything until you are an expert" is excellent gatekeeping; fortunately this is Hacker News, so we can ignore the gatekeepers!

I suggest people fuck around and find out, just limit your exposure. Spin up a VPS with nothing important, have fun, and delete it.

At some point we are all unqualified to use the internet and we used it anyway.

No one is going to die because your toy project got hacked and you are out $5 in credits; you probably learned a ton in the process.

◧◩◪◨⬒⬓⬔⧯
8. lgvld+MU7 2025-12-20 13:24:04
>>herman+742
Absolutely. Thank you.