ocarina Posted Tuesday at 05:00 PM Posted Tuesday at 05:00 PM Hello. VPS66 would like to have reverse DNS setup for the domain mail.wiimart.org Quote
ocarina Posted Tuesday at 05:07 PM Author Posted Tuesday at 05:07 PM Also, I received an email saying my VPS got hacked. I created a new user on my VPS so that my friend could connect to it and setup mailcow. Then I got the email saying it was hacked. Quote
ocarina Posted Tuesday at 05:13 PM Author Posted Tuesday at 05:13 PM Wait, I don't think that was my friend logging in. Quote
MoneyBroz Posted Tuesday at 05:50 PM Posted Tuesday at 05:50 PM 35 minutes ago, ocarina said: Wait, I don't think that was my friend logging in. Yes your VPS was hacked and started bruteforcing SSH on random servers. A rebuild is mandatory to continue using your VPS. Quote
Krydos Posted Tuesday at 05:50 PM Posted Tuesday at 05:50 PM Do you have a list of files that you want backed up prior to rebuilding the VPS? Quote
ocarina Posted Tuesday at 05:55 PM Author Posted Tuesday at 05:55 PM So I need the apache tomcat folder in `/home/ocarinavps`, the `/home/steam/steamcmd` directory, the `/home/steam/.config/` directory, and the `/home/ocarinavps/SCP` directory. I believe that is everything but if you are able to send a file list of `/home/ocarinavps` that would be great. Quote
MoneyBroz Posted Tuesday at 06:16 PM Posted Tuesday at 06:16 PM 21 minutes ago, ocarina said: but if you are able to send a file list of `/home/ocarinavps` that would be great. Â Quote
ocarina Posted Tuesday at 06:18 PM Author Posted Tuesday at 06:18 PM (edited) Yep, so apache-tomcat-10.1.30, /home/ocarina/SCP, /home/steam/steamcmd, and /home/steam/.config. Â Did anyone else's VPS get hacked or was it just mine? And is it possible to see the IP of the person who logged in to attack those other servers? Edited Tuesday at 06:19 PM by ocarina Quote
MoneyBroz Posted Tuesday at 06:25 PM Posted Tuesday at 06:25 PM 6 minutes ago, ocarina said: Did anyone else's VPS get hacked or was it just mine Just yours 6 minutes ago, ocarina said: And is it possible to see the IP of the person who logged in to attack those other servers That's what we are investigating. 1 Quote
Krydos Posted Tuesday at 08:19 PM Posted Tuesday at 08:19 PM 2 hours ago, ocarina said: And is it possible to see the IP of the person who logged in to attack Looks like there was a root login from 83.84.116.55 which doesn't appear to be you. Quote
ocarina Posted Tuesday at 08:24 PM Author Posted Tuesday at 08:24 PM Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to login OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild). Quote
MoneyBroz Posted Tuesday at 10:47 PM Posted Tuesday at 10:47 PM 2 hours ago, ocarina said: Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to login OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild). You can change the password of your account by typing passwd in the terminal. Quote
Krydos Posted Tuesday at 11:34 PM Posted Tuesday at 11:34 PM 3 hours ago, ocarina said: SSH keys to log in instead? Yeah, definitely. Just put your public key value in /home/username/.ssh/authorized_keys and then login without a password. Quote
ocarina Posted Wednesday at 12:43 AM Author Posted Wednesday at 12:43 AM Cool, can the rebuild begin now? I need to start the game server soon. Quote
MoneyBroz Posted Wednesday at 03:01 AM Posted Wednesday at 03:01 AM 2 hours ago, ocarina said: Cool, can the rebuild begin now? I need to start the game server soon. We're about to start the rebuild soon, is there anymore files that you need backed up before it all gets erased? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.