@Chocolate said in How to secure a server:
I didn’t get the point, if they will manage to crack my pass then what’s the difference if it’s root or a non-root with sudo privileges? They can do whatever they want with sudo.
You are right if they have your password.
There are ways of getting into an account without having the password.
Anything else to do except for whitelisting inbound connections, it’s not really possible for me to do that?
It’s possible to whitelist/blacklist complete ranges of addresses. IDK, maybe that would work for you.
Just out of curiosity, how do they manage to hack a 16 digit password that is a combination of letters, caps & digits? It should take years, no?
It is indeed very very unlikely that they brute-forced/guessed a strong password.
Why are you sure that they got in via SSH? Did you go through logs?
Maybe your password was in the clear somewhere?
There are many possibilities.
It is worthwhile to understand how they got in, in order to protect yourself in future.
What are those guys gaining? Except for them deleting a couple of files nothing changed, what’s their goal?
- Not all servers are as invaluable as yours… until they get in they don’t know what valuable information may be there.
- Often they will run a bitcoin miner…
- They can earn a ransom sometimes by encrypting your files.
- They can make it part of a botnet.
BTW, the general rule in the industry is that once bad guys have gotten on to your server, you should never trust it again. i.e. wipe it and start fresh.
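One way to go through the SSH logs and check logins against address ranges, as the reply suggests; this is an added example, not part of the original post. The log lines are constructed samples in the usual OpenSSH auth-log format, and `TRUSTED_RANGES` and `review_ssh_log` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH auth-log format (not from the thread).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 02:11:04 host sshd[811]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 02:11:09 host sshd[813]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 09:30:12 host sshd[990]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2
Mar  3 23:47:55 host sshd[1204]: Accepted password for root from 198.51.100.7 port 40022 ssh2
"""

# Assumed allowlist: the address ranges you normally log in from.
TRUSTED_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_trusted(ip):
    """True if the address falls inside one of the allowlisted ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_RANGES)

def review_ssh_log(text):
    """Return (failed attempts per IP, accepted logins from outside the trusted ranges)."""
    failed = Counter()
    suspicious = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        if m["result"] == "Failed":
            failed[m["ip"]] += 1
        elif not is_trusted(m["ip"]):
            # A successful login from an address you do not recognise.
            suspicious.append((m["user"], m["method"], m["ip"]))
    return failed, suspicious

if __name__ == "__main__":
    failed, suspicious = review_ssh_log(SAMPLE_LOG)
    for ip, count in failed.most_common():
        print(f"{count} failed attempts from {ip}")
    for user, method, ip in suspicious:
        print(f"login as {user} via {method} from untrusted {ip}")
```

If no accepted login from an unfamiliar address shows up, SSH may not have been the entry point, and logs on a server that was already compromised may have been altered.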