Greetings to you,
A few days ago my server was hacked and crashed due to out of memory.
In the auth.log I discovered my password as a username. So my pw was stolen.
I got a lot of successful logins from many IPs in my auth.log!
Source of my pw, I guess:
I had saved the password of the Debian server on a Windows 10 computer in WinSCP (which of course you should not do). The Windows computer was full of malware, I later realized.
The malware on my Debian 12.4 system left whitecat in /usr/bin.
The bash was reset and all ssh keys.
In addition, a strange entry in /etc/passwd:
htop:x:0:0:root:/root:/bin/bash
My leaked password is: fjgurdk7824!
Maybe someone can find it in a database of leaked pw.
None of the files were encrypted by the malware. I removed as much as possible from the Debian machine that seemed strange to me.
I think it was a cryptominer because the system was completely overloaded and crashed.
I have deactivated password login, only login via pub key.
I will gladly post further system information.
Do you have any idea what kind of malware it was?
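
A check for the kind of /etc/passwd entry quoted in the post, added here as an example and not part of the original post: it lists accounts that share UID 0 with root and, going slightly beyond the post, any other accounts that share a UID. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a passwd file for
# accounts that carry root's UID under another name, such as the "htop"
# entry quoted above.

# audit_passwd [FILE]: prints one finding per line.
# Returns 0 when the file is clean, 1 when there is at least one finding.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $3 == 0 {                                # UID 0 means full root privileges
            if ($1 != "root") {
                printf "UID0 %s shell=%s home=%s\n", $1, $7, $6
                bad = 1
            }
            next
        }
        ($3 in first) {                          # two names mapped to one UID
            printf "DUPUID %s uid=%s same-as=%s\n", $1, $3, first[$3]
            bad = 1
            next
        }
        { first[$3] = $1 }                       # remember first owner of each UID
        END { exit bad }
    ' "${1:-/etc/passwd}"
}

# Constructed sample: a normal Debian-style file plus the entry from the post.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
htop:x:0:0:root:/root:/bin/bash
EOF
}

# Demonstration on the constructed sample; run audit_passwd with no
# argument to check the live /etc/passwd instead.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_passwd "$tmp" || echo "findings above need an explanation"
rm -f "$tmp"
```

A finding from this check only covers /etc/passwd; on a host that was logged into with a stolen password, SSH authorized_keys files and scheduled jobs need the same review.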