Hi,

You did not change the password, and all are using the default password?
On Sun, Nov 22, 2020 at 4:59 PM <[email protected]> wrote:

> Hi Community!
>
> Congratulations to the new committers.
>
> One VM in a test environment was infected by a brute force SSH trojan.
>
> The OS is debian-9, the template from openvm.eu
>
> It had only SSH (22) and iperf (5001) services running and reachable from
> anywhere.
>
> I believe this article is related because of the tar file (dota3.tar.gz)
> that I found on the system:
>
> https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/
>
> I have a snapshot of the ROOT volume in case anybody is interested to
> review it.
>
> I suspect they got in via SSH, but I wonder how as only one KEY was set up
> (no password). I am trying to find out more information.
>
> Has anybody experienced this?
>
> Regards,
> Rafael

--
Regards,
Hean Seng
