ocarina - Posted 4 hours ago

Hello. VPS66 would like to have reverse DNS set up for the domain mail.wiimart.org.

ocarina (Author) - Posted 4 hours ago

Also, I received an email saying my VPS got hacked. I created a new user on my VPS so that my friend could connect to it and set up mailcow. Then I got the email saying it was hacked.

ocarina (Author) - Posted 4 hours ago

Wait, I don't think that was my friend logging in.

MoneyBroz - Posted 3 hours ago

> 35 minutes ago, ocarina said:
> Wait, I don't think that was my friend logging in.

Yes, your VPS was hacked and started brute-forcing SSH on random servers. A rebuild is mandatory to continue using your VPS.

Krydos - Posted 3 hours ago

Do you have a list of files that you want backed up prior to rebuilding the VPS?

ocarina (Author) - Posted 3 hours ago

So I need the apache tomcat folder in `/home/ocarinavps`, the `/home/steam/steamcmd` directory, the `/home/steam/.config/` directory, and the `/home/ocarinavps/SCP` directory. I believe that is everything, but if you are able to send a file list of `/home/ocarinavps` that would be great.

MoneyBroz - Posted 3 hours ago

> 21 minutes ago, ocarina said:
> but if you are able to send a file list of `/home/ocarinavps` that would be great.

ocarina (Author) - Posted 3 hours ago (edited)

Yep, so apache-tomcat-10.1.30, /home/ocarina/SCP, /home/steam/steamcmd, and /home/steam/.config.

Did anyone else's VPS get hacked or was it just mine? And is it possible to see the IP of the person who logged in to attack those other servers?

MoneyBroz - Posted 3 hours ago

> 6 minutes ago, ocarina said:
> Did anyone else's VPS get hacked or was it just mine

Just yours

> 6 minutes ago, ocarina said:
> And is it possible to see the IP of the person who logged in to attack those other servers

That's what we are investigating.

Krydos - Posted 1 hour ago

> 2 hours ago, ocarina said:
> And is it possible to see the IP of the person who logged in to attack

Looks like there was a root login from 83.84.116.55 which doesn't appear to be you.

ocarina (Author) - Posted 1 hour ago

Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to log in OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild.)