Public
- Public
- Groups
- Recent tags
- Popular
- Directory

Conversation:

Notices

Matthew Davidson (mjd)'s status on Monday, 09-Sep-2019 17:25:19 EDT Matthew Davidson
Remote profile options...

Well that explains why my processes were dying. #Exim vulnerability let a cryptocurrency miner in. Would never have noticed if the script wasn't over-zealous in identifying process that may be a threat. Start killing #MySQL and #Apache and people will notice. Going through my system deleting the garbage now. Feel like I can hear HAL singing "Daisy, Daisy…" https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.sh.mixbash.a

Monday, 09-Sep-2019 17:25:19 EDT from microblog.mjd.id.au at 30°21'41"S 153°6'9"E permalink
- Matthew Davidson (mjd)'s status on Tuesday, 10-Sep-2019 03:16:44 EDT Matthew Davidson
  Remote profile options...
  
  Well, that was painful. After playing whack-a-mole with all the redundant processes, executables, /etc/cron* entries, etc., a bash script to stomp on the lot and immediately reboot for good measure saw off the script kiddies in time for #work today.
  
  Tuesday, 10-Sep-2019 03:16:44 EDT permalink
- Matthew Davidson (mjd)'s status on Tuesday, 10-Sep-2019 03:45:56 EDT Matthew Davidson
  Remote profile options...
  
  CryptoPonzi changes the risk calculus for a hobby sysadmin. If an attacker's objective is to quietly leech CPU cycles, what better target than a GNU/Linux VPS whose typical virtual CPU usage rounds down to 0% of its allotment? Think I may have to start running `apt-get dist-upgrade` non-interactively via cron.
  
  Tuesday, 10-Sep-2019 03:45:56 EDT permalink

Public

Conversation:

Notices

Feeds