Hello!

I've been hacked over these past months on servers that had GenieACS installed. They've only hacked GenieACS instances; I've got many others, and this is something weird.

I've been focusing on the logs, and the SSH trial-and-error log is huge. But I always install Fail2Ban, so I'm not considering this as the source of the problem. We have also tried enabling only public-key logging, so we deactivated passwords, but the problem is the same.

The last hack was today, and my machine was being used as a Bitcoin miner on monero.crypto-pool.fr.

The other instance is normally infected by ransomware that encrypts everything under the apache directory and some others.

Do you know what could be happening? I follow the guide I wrote here: https://github.com/zaidka/genieacs/wiki/Installation-in-Ubuntu-14.04-Server. The only thing I know is a bit insecure is that I am using a root account... But we think that it is not the main problem.

Any related stories on this topic are welcome, as well as any tip, or anything that I could be missing in my guide.

Thank you a lot!

Sergio F.
_______________________________________________
Users mailing list
[email protected]
http://lists.genieacs.com/mailman/listinfo/users
