​Hi Community! Congratulations to the new committers.
One VM in a test environment was infected by a brute force SSH trojan. The OS is debian-9 , the template from openvm.eu It had only SSH (22) and iperf (5001) services running and reachable from anywhere. I believe this article is related because of the tar file (dota3.tar.gz) that I found on the system: ​ https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/ ​ I have a snapshot of the ROOT volume in case anybody is interested to review it. I suspect they got in via SSH, but I wonder how as only one KEY was setup (no password). I am trying to find out more information. Has anybody experienced this ? Regards, Rafael
