Maybe do not just assume, you need to check on it.

On Mon, Nov 23, 2020 at 1:00 AM <[email protected]> wrote:

> Hi!
>
> I don't know. I have to look into it.
>
> I did set up my template to use an SSH key, and disabled password (when
> importing the template in ACS). I assumed that password auth would be
> disabled and only available via that SSH key.
>
> I have to look into this and check if that is happening or not. I guess
> this should be either in cloud-init or in the template itself.
>
> I will look into it this week.
>
> Rafael
>
> On Sun, 2020-11-22 03:38 PM, Hean Seng <[email protected]> wrote:
> > Hi
> >
> > You did not change the password, and all using the default password?
> >
> > On Sun, Nov 22, 2020 at 4:59 PM <[email protected]> wrote:
> >
> > > Hi Community!
> > >
> > > Congratulations to the new committers.
> > >
> > > One VM in a test environment was infected by a brute force SSH trojan.
> > >
> > > The OS is debian-9, the template from openvm.eu
> > >
> > > It had only SSH (22) and iperf (5001) services running and reachable from
> > > anywhere.
> > >
> > > I believe this article is related because of the tar file (dota3.tar.gz)
> > > that I found on the system:
> > >
> > > https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/
> > >
> > > I have a snapshot of the ROOT volume in case anybody is interested to
> > > review it.
> > >
> > > I suspect they got in via SSH, but I wonder how as only one KEY was set up
> > > (no password). I am trying to find out more information.
> > >
> > > Has anybody experienced this?
> > >
> > > Regards,
> > > Rafael
> >
> > --
> > Regards,
> > Hean Seng

--
Regards,
Hean Seng
