Why is your ACS allowing connections from CPEs not in your IP space? We set up our DSL CPEs with two PVCs, one on the standard 0/35 that customer internet traffic uses, and 0/36 which is strictly for the ACS and lives in private IP space. For our PON and Ethernet customers, untagged traffic is public internet, and traffic tagged to a specific VLAN goes to the ACS. The tagging is done by the CPE. In this way, our attack surface is significantly reduced.
-dan

On Wed, Jul 27, 2016 at 2:22 AM, Sergio <[email protected]> wrote:
> Hello!
>
> I've been hacked these months on servers that had GenieACS installed.
> They've only hacked GenieACS instances, I've got many others and this is
> something weird.
>
> I've been focusing on the logs, and the SSH trial-and-error log is huge.
> But I always install Fail2Ban so I'm not considering this as the source of
> the problem. We have tried also only enabling public-key logging, so we
> deactivate passwords, but the problem is the same.
>
> The last hack has been today, and my machine was being used as a Bitcoin
> miner in the monero.crypto-pool.fr
>
> The other instance normally is infected by a ransomware that encrypts all
> that is under the apache directory and some others.
>
> Do you know what could be happening? I follow the guide I wrote here
> https://github.com/zaidka/genieacs/wiki/Installation-in-Ubuntu-14.04-Server
> The only thing I know is a bit insecure is that I am using a root
> account... But we think that it is not the main problem.
>
> Any related stories on this topic are welcome, as well as any tip, or
> anything that I could be missing in my guide.
>
> Thank you a lot!
>
> Sergio F.
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.genieacs.com/mailman/listinfo/users
>
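An added example, not part of the thread or of GenieACS: one way to answer the question in the reply above is to audit which source addresses reach the ACS listener and flag any outside the management space. The CIDR ranges, the log format and the sample lines are constructed assumptions; port 7547 is assumed to be the CWMP listener.

```python
import ipaddress
from collections import Counter

# Assumption: private ranges CPEs use to reach the ACS (the space behind
# PVC 0/36 or the ACS VLAN). Placeholder values, replace with your own.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.36.0.0/16", "fd00:36::/48")]
ACS_PORT = 7547  # assumed CWMP listener port

# Constructed sample: "<timestamp> <source address> <listener port>"
SAMPLE_LOG = """\
2016-07-27T01:10:02Z 10.36.4.17 7547
2016-07-27T01:10:05Z 203.0.113.45 7547
2016-07-27T01:10:09Z 10.36.200.3 7547
2016-07-27T01:11:40Z 203.0.113.45 7547
2016-07-27T01:12:13Z 198.51.100.7 7547
2016-07-27T01:12:30Z ::ffff:10.36.4.17 7547
2016-07-27T01:13:00Z not-an-ip 7547
"""

def normalize(addr):
    """Parse an address; unwrap ::ffff:a.b.c.d as logged by dual-stack listeners."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def in_mgmt(ip):
    """True if the address belongs to one of the management networks."""
    return any(ip.version == net.version and ip in net for net in MGMT_NETS)

def audit(log_text):
    """Return (Counter of out-of-space sources, line numbers that failed to parse)."""
    outside, malformed = Counter(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        try:
            if len(fields) != 3 or int(fields[2]) != ACS_PORT:
                raise ValueError("unexpected record")
            ip = normalize(fields[1])
        except ValueError:
            malformed.append(lineno)  # never silently skip unparsable records
            continue
        if not in_mgmt(ip):
            outside[str(ip)] += 1
    return outside, malformed

if __name__ == "__main__":
    outside, malformed = audit(SAMPLE_LOG)
    for src, hits in outside.most_common():
        print(f"outside management space: {src} ({hits} connections)")
    print("unparsable lines:", malformed)
```

Any source this reports means the ACS is reachable from outside the management PVC or VLAN, which is the exposure the reply describes avoiding.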
