PSA: don't allow SSH to a server with a public IP while there's an account with a common password on it 🤦

Luckily it looks like they just wanted to install a miner, so I cleaned all that up. But man, close call.

Discussion

Who allows logins with passwords on publicly exposed SSH servers anyways?

Not me (anymore)

I found this article quite amusing:

https://sysdig.com/blog/fishing-for-hackers

He basically does the *opposite* of recommended security practice and sees what happens.

That's pretty much exactly what happened to me, but with a different attack designed to turn my machine into some kind of miner.

Oh like your computer is an Iranian nuclear centrifuge?

No, that involved a physical infiltration and extensive reverse engineering.

Good. Also glad that server was easy to clean up.

Yeah, me too.

I would still watch your network traffic for the next couple days just to make sure there's no interesting phone homes to sketchy looking places.

Aye sir 🫡