ocarina Posted May 20 Hello. VPS66 would like to have reverse DNS set up for the domain mail.wiimart.org
ocarina (Author) Posted May 20 Also, I received an email saying my VPS got hacked. I created a new user on my VPS so that my friend could connect to it and set up mailcow. Then I got the email saying it was hacked.
MoneyBroz Posted May 20 35 minutes ago, ocarina said: "Wait, I don't think that was my friend logging in." Yes, your VPS was hacked and started brute-forcing SSH on random servers. A rebuild is mandatory to continue using your VPS.
Krydos Posted May 20 Do you have a list of files that you want backed up prior to rebuilding the VPS?
ocarina (Author) Posted May 20 So I need the apache tomcat folder in `/home/ocarinavps`, the `/home/steam/steamcmd` directory, the `/home/steam/.config/` directory, and the `/home/ocarinavps/SCP` directory. I believe that is everything, but if you are able to send a file list of `/home/ocarinavps` that would be great.
MoneyBroz Posted May 20 21 minutes ago, ocarina said: "but if you are able to send a file list of `/home/ocarinavps` that would be great."
ocarina (Author) Posted May 20 Yep, so apache-tomcat-10.1.30, /home/ocarina/SCP, /home/steam/steamcmd, and /home/steam/.config. Did anyone else's VPS get hacked or was it just mine? And is it possible to see the IP of the person who logged in to attack those other servers? Edited May 20 by ocarina
MoneyBroz Posted May 20 6 minutes ago, ocarina said: "Did anyone else's VPS get hacked or was it just mine" Just yours. 6 minutes ago, ocarina said: "And is it possible to see the IP of the person who logged in to attack those other servers" That's what we are investigating.
Krydos Posted May 20 2 hours ago, ocarina said: "And is it possible to see the IP of the person who logged in to attack" Looks like there was a root login from 83.84.116.55 which doesn't appear to be you.
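The kind of log review that answers the question above (which address had a successful SSH login that does not belong to the owner), shown as an added example that is not part of the original thread or the host's own tooling. The log lines are constructed in OpenSSH's usual syslog format with documentation-range IPs, and `review_logins`, `known_ips` and the user `newuser` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the real VPS); IPs are documentation ranges.
SAMPLE_LOG = """\
May 20 09:12:01 vps sshd[1021]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 20 09:12:03 vps sshd[1021]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 20 09:12:06 vps sshd[1025]: Accepted password for root from 203.0.113.7 port 40188 ssh2
May 20 09:30:44 vps sshd[1102]: Accepted publickey for ocarinavps from 198.51.100.20 port 51514 ssh2: ED25519 SHA256:constructed
May 20 10:02:10 vps sshd[1188]: Failed password for invalid user admin from 192.0.2.55 port 33210 ssh2
May 20 10:15:31 vps sshd[1203]: Accepted password for newuser from 203.0.113.7 port 41002 ssh2
"""

# Matches both "Failed password for root ..." and "... for invalid user admin ...".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_logins(log_text, known_ips):
    """Return (suspicious, failures): accepted logins from addresses outside
    known_ips, and a per-IP count of failed attempts."""
    failures = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif ip not in known_ips:
            # A success right after failures from the same IP suggests a guessed password.
            suspicious.append({"user": m["user"], "ip": ip, "method": m["method"],
                               "failed_before": failures.get(ip, 0)})
    return suspicious, dict(failures)

if __name__ == "__main__":
    # known_ips is the owner's own address list (assumed for this sample).
    hits, _ = review_logins(SAMPLE_LOG, known_ips={"198.51.100.20"})
    for h in hits:
        print(f"{h['user']:<10} from {h['ip']:<15} via {h['method']}"
              f" (failed attempts seen first: {h['failed_before']})")
```

On a compromised host the local log may have been altered, so the same check is more trustworthy when run against a copy kept off the machine.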
ocarina (Author) Posted May 20 Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to log in OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild).
MoneyBroz Posted May 20 2 hours ago, ocarina said: "Yeah, doing a quick IP lookup shows that this person is from the Netherlands. Is it possible to change the password used to log in OR is it possible to use SSH keys to log in instead? (Obviously after the rebuild)." You can change the password of your account by typing `passwd` in the terminal.
Krydos Posted May 20 3 hours ago, ocarina said: "SSH keys to log in instead?" Yeah, definitely. Just put your public key value in `/home/username/.ssh/authorized_keys` and then log in without a password.
ocarina (Author) Posted May 21 Cool, can the rebuild begin now? I need to start the game server soon.
MoneyBroz Posted May 21 2 hours ago, ocarina said: "Cool, can the rebuild begin now? I need to start the game server soon." We're about to start the rebuild soon. Are there any more files that you need backed up before it all gets erased?