ocarina Posted 6 hours ago
Hello. VPS66 would like to have reverse DNS set up for the domain mail.wiimart.org

ocarina (Author) Posted 6 hours ago
Also, I received an email saying my VPS got hacked. I created a new user on my VPS so that my friend could connect to it and set up mailcow. Then I got the email saying it was hacked.

ocarina (Author) Posted 6 hours ago
Wait, I don't think that was my friend logging in.

MoneyBroz Posted 5 hours ago
> 35 minutes ago, ocarina said: Wait, I don't think that was my friend logging in.

Yes, your VPS was hacked and started bruteforcing SSH on random servers. A rebuild is mandatory to continue using your VPS.

Krydos Posted 5 hours ago
Do you have a list of files that you want backed up prior to rebuilding the VPS?

ocarina (Author) Posted 5 hours ago
So I need the apache tomcat folder in `/home/ocarinavps`, the `/home/steam/steamcmd` directory, the `/home/steam/.config/` directory, and the `/home/ocarinavps/SCP` directory. I believe that is everything but if you are able to send a file list of `/home/ocarinavps` that would be great.

MoneyBroz Posted 5 hours ago
> 21 minutes ago, ocarina said: but if you are able to send a file list of `/home/ocarinavps` that would be great.

ocarina (Author) Posted 5 hours ago
Yep, so `apache-tomcat-10.1.30`, `/home/ocarina/SCP`, `/home/steam/steamcmd`, and `/home/steam/.config`.

Did anyone else's VPS get hacked or was it just mine? And is it possible to see the IP of the person who logged in to attack those other servers?

Edited 5 hours ago by ocarina

MoneyBroz Posted 5 hours ago
> 6 minutes ago, ocarina said: Did anyone else's VPS get hacked or was it just mine

Just yours

> 6 minutes ago, ocarina said: And is it possible to see the IP of the person who logged in to attack those other servers

That's what we are investigating.

Krydos Posted 3 hours ago
> 2 hours ago, ocarina said: And is it possible to see the IP of the person who logged in to attack

Looks like there was a root login from 83.84.116.55 which doesn't appear to be you.

ocarina (Author) Posted 3 hours ago
Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to login OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild).

MoneyBroz Posted 55 minutes ago
> 2 hours ago, ocarina said: Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to login OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild).

You can change the password of your account by typing `passwd` in the terminal.

Krydos Posted 8 minutes ago
> 3 hours ago, ocarina said: SSH keys to log in instead?

Yeah, definitely. Just put your public key value in `/home/username/.ssh/authorized_keys` and then log in without a password.

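
The key setup described in the last reply, as an added shell example that is not part of the thread or the host's own tooling. It also sets the directory and file permissions that sshd checks before it will honour `authorized_keys`; the function names `install_pubkey` and `perm_of` are made up for this illustration.

```shell
#!/bin/sh
# Added example: install an SSH public key for key-based login.
# Usage (as the account's own user, so ownership is already correct):
#   install_pubkey /home/username "$(cat id_ed25519.pub)"
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Exactly one line: embedded newlines would add extra key entries.
    case "$pubkey" in
        *"
"*) echo "refusing multi-line input" >&2; return 1 ;;
    esac
    # Only a public key line of a known type; a private key file
    # (starts with "-----BEGIN") must never be pasted here.
    case "$pubkey" in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*) ;;
        *) echo "not a recognised public key line" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by group or others.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
}

# Print the octal permissions of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

If the function is run as root on behalf of another account, the `.ssh` directory and file also need to be `chown`ed to that account afterwards.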