Recent content by horstmc

  1. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Ah ok, nftables, I have never used it. I will read some tutorials.
  2. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    And I used a windshield made of sugar.
  3. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    How large can this integer become? ;) What firewall do you use? iptables / IPv4/IPv6?
  4. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    I use it now; as I said, I was too reckless. I am asking because I am not a security expert and I want to learn, and I like to know the experience of others.
  5. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Yes sure, maybe you can give me some advice. Again, what happened to the broken server: bash was deleted, history was deleted, whitecat has been installed, auth.log was still present, some user accounts with root access have been created like: htop with root access and bash plex user (like...
  6. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    @blunix, I just use ipv8 ;) So, the honeypot server is set up on the same domain and same port 22. I hope the leaked pw is still in use by the bots. If someone comes and logs in, everything it/he does will be logged independently of bash history.
  7. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Wow, what traffic here :) I have also changed the port to a high number on all my different servers now. In auth.log there are also login attempts. So it is much less than port 22 but not zero. Here are some IPs from auth.log on the high port: 107.170.227.24 (San Francisco, California) 107.170.233.14 (San...
  8. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Thx @blunix and @f33dm3bits. Yes, password login is a bad idea, I know. So passwd login is disabled now. Next step, I will block all IPs except mine. My ISP has a changing IP, so I have to update the iptables automatically ... I did not know port-knocking, I will have a look at the topic. Good...
  9. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Thanks for your answers! @Condobloke, no reinstall, I tested the system with clamAV, rootkithunter, chkrootkit and maldetect. Nothing found after the reboot. I guess it was a crypto miner running or a script using my server for DDoS, because the system was OOM when I arrived at the server physically...
  10. H

    Debian Server hacked via SSH pw login / my pw in auth.log in clear found

    Greetings to you. A few days ago my server was hacked and crashed via out of memory. In the auth.log I discovered my password as username. So my pw was stolen. I got a lot of successful logins from many IPs in my auth.log! Source of my pw, I guess: I had saved the password of the Debian...