
Hi Joe, very sorry - we all face these challenges!

Most importantly, make sure your server is updated. Which distro? What services are running on your server which are exposed to the outside? Run "lsof -i" to see what ports you are listening on, and what connections are active. If you are using ssh, make sure you disable password login - only use keys. A separate hardware firewall may also help (pfSense is good).

Also, sounds to me like you already may have a rootkit in place, given the 'daily basis'. Sad, but a fresh install may be the best bet.

Cheers,
Tony

On 31/07/2016, joe mwirigi via skunkworks <skunkworks@lists.my.co.ke> wrote:
For the past 2 weeks, one of my servers has been hacked and slaved on a daily basis.

1. First it was from some skid network that slaved the servers for some spoofing
2. It was used for some ddos operation (against some online gaming company)
3. It was someone flushing my redis keys for fun using evil redis
4. Tonight it's mining quack bit coins

- Maybe I'm using no protection or am having it the wrong way. Having been too lazy on cyber security, I guess it's a beating I deserve. Anyone else facing such challenges?

I just use SELinux, iptables, and ipblocker for brute force, changing passwords, flushing and regenerating keys :(
We must Keep on, We can't stop here
-- Tony White
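The two checks Tony suggests (see what is listening with "lsof -i", and confirm ssh password login is off) as an added, runnable example that is not part of the thread. Both inputs below are constructed samples, not output from Joe's server; on a real host you would feed it "lsof -i -P -n" and /etc/ssh/sshd_config instead.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed "lsof -i -P -n" output
# (-P -n keep ports and addresses numeric so they parse reliably).
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
redis-ser 901 redis   6u  IPv4  12399      0t0  TCP *:6379 (LISTEN)
nginx    1020 root    6u  IPv4  12777      0t0  TCP *:80 (LISTEN)
sshd     2211 root    4u  IPv4  13001      0t0  TCP 10.0.0.5:22->203.0.113.9:51234 (ESTABLISHED)'

# Print "port command" for each LISTEN socket bound to all interfaces
# (*:port or [::]:port): these are the services reachable from outside
# unless a firewall in front of the box blocks them. Established
# connections are skipped here; they are the other half of what lsof shows.
exposed_listeners() {
  printf '%s\n' "$1" | awk '/\(LISTEN\)/ {
    n = split($9, a, ":"); port = a[n]
    host = substr($9, 1, length($9) - length(port) - 1)
    if (host == "*" || host == "[::]") print port, $1 }'
}

# Constructed sshd_config fragments: the weak one still allows password
# logins (the setting an SSH brute-force campaign relies on), the hardened
# one allows keys only and refuses password logins for root as well.
WEAK_SSHD_CONFIG='Port 22
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes'
HARDENED_SSHD_CONFIG='Port 22
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password'

# Succeed (exit 0) only when password logins are disabled. sshd honours the
# first uncommented occurrence of a keyword, so only the first match counts;
# an absent keyword means the default, which is "yes", so that also fails.
ssh_password_login_disabled() {
  pw=$(printf '%s\n' "$1" | awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }')
  [ "$pw" = "no" ]
}

echo "Services listening on all interfaces (port, command):"
exposed_listeners "$SAMPLE_LSOF"
if ssh_password_login_disabled "$WEAK_SSHD_CONFIG"; then echo "weak config: ok"; else echo "weak config: password login still enabled"; fi
if ssh_password_login_disabled "$HARDENED_SSHD_CONFIG"; then echo "hardened config: ok"; else echo "hardened config: password login still enabled"; fi
```

Redis showing up bound to *:6379 is exactly the kind of exposure behind the "evil redis" incident in Joe's list; bind it to localhost or firewall it.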