Greetings Penguins. I've got a machine that has a mildly nefarious program running on it: xmrig which appears to be a cryptocurrency miner. See https://xmrig.com/.
I've got 3 small form factor Debian servers running with similar setups for ssh through a firewall on obscure (non-standard) ports. One of the machines is running the xmrig software through a linux user's (user1) crontab. The other two linux systems (box2 and box3) show no login/cron action from the user running xmrig on box1.

At one point in time, I set up PuTTY on a Windows machine for user1. That connected to box1 in the local network behind the firewall in the "safe zone". We were testing user1 login to box1. I was just informed that that Windows machine is old and running Windows 7: bad sign. I'd like to blame this on Windows ;-) As I have a very similar setup on the firewall for all the linux boxes, if that was the vector I'd expect to see activity on all boxes, but it's observed only on the box that connected to the Windows machine.

I'd like to be responsible and not just smug. Can I just blame this on Windows? Thanx all. The snow's not gone yet!

-- Joe Golden /_\ 802 793 2323 /_\ Coding, Drupalism, Open Sourcery
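One way to check the three boxes consistently for the kind of crontab persistence described in the post, as an added example that is not part of the original message: feed it the text of `crontab -l -u user1` (or the files under /var/spool/cron/crontabs) from each host and it reports which host and user carries an entry launching xmrig. The host names, the sample crontab dumps and the assumption that the binary name is the only indicator are all constructed for this example.

```python
"""Audit per-user crontab dumps (output of `crontab -l -u USER` on each box)
for entries that launch xmrig. Sample dumps below are constructed."""
import re

# Assumption: the only indicator is the binary name the post reports.
MINER_RE = re.compile(r"\bxmrig\b", re.IGNORECASE)
ENV_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")

def parse_crontab(text):
    """Return [(schedule, command)] for active entries in a user crontab.
    Handles 5-field schedules and @reboot-style shortcuts; skips blank
    lines, comments and VAR=value environment lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ENV_RE.match(line):
            continue
        if line.startswith("@"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                entries.append((parts[0], parts[1]))
        else:
            parts = line.split(None, 5)
            if len(parts) == 6:
                entries.append((" ".join(parts[:5]), parts[5]))
    return entries

def find_miner_entries(dumps):
    """dumps: {(host, user): crontab_text} -> [(host, user, schedule, command)]."""
    hits = []
    for (host, user), text in dumps.items():
        for schedule, command in parse_crontab(text):
            if MINER_RE.search(command):
                hits.append((host, user, schedule, command))
    return hits

# Constructed sample: box1 carries the suspect entry, box2 and box3 are clean.
SAMPLE_DUMPS = {
    ("box1", "user1"): "PATH=/usr/bin:/bin\n"
                       "@reboot /home/user1/.cache/xmrig\n"
                       "0 * * * * /home/user1/bin/backup.sh\n",
    ("box2", "user1"): "# no crontab entries\n",
    ("box3", "user1"): "*/5 * * * * /usr/bin/uptime >> /tmp/up.log\n",
}

if __name__ == "__main__":
    for host, user, schedule, command in find_miner_entries(SAMPLE_DUMPS):
        print(f"{host} {user}: [{schedule}] {command}")
```

A clean crontab on box2 and box3 is consistent with the post's observation, but it only covers cron; system-wide cron directories, systemd user units and shell rc files are other places the same persistence could live.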
