I have hosted the server on my cloud.
Upon inspecting, I found CPU usage is 100%,
and I found that rsync is running continuously.
I think this has been started through cron (not sure though).
I would like to know what these cron jobs are for?
Alright, everyone, I’ve learned a valuable lesson the hard way.
I made a mistake that I now realize was quite foolish. I had set the password for the “frappe” user as “frappe123”. Unfortunately, this oversight led to a security breach, and my system was compromised by a hacker.
To rectify the situation, I followed the steps outlined in the following guide: https://nitifilter.com/en/ive-been-hacked/.
Additionally, it’s important to note that you should also install an xmrig detector and remove any suspicious components. Here are the commands to do so:
ps aux | grep xmrig
killall -9 xmrig
rm -rf c3pool
For further details on the threat and how to mitigate it, refer to this informative article: https://yoroi.company/en/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/.
Let’s all learn from this experience and ensure we prioritize security measures to protect our systems in the future.
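A read-only check for the cron question raised in this thread, as an added example that is not part of either post: it lists per-user crontab entries whose command runs from /tmp, /dev/shm or a hidden directory, or names xmrig or c3pool. The heuristics, the function names and the sample crontabs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage per-user crontabs after a suspected miner infection.
# Heuristics (assumptions, not from the thread): flag commands that run from
# /tmp, /dev/shm or a hidden dot-directory, or that mention xmrig / c3pool.

# audit_cron_dir DIR -> prints "user: command" for every flagged entry.
# DIR holds one crontab file per user.
audit_cron_dir() {
    for file in "$1"/*; do
        [ -f "$file" ] || continue
        user=$(basename "$file")
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line#"${line%%[![:space:]]*}"}   # trim leading whitespace
            case $line in
                ''|'#'*) continue ;;                # blank lines and comments
            esac
            # "@reboot cmd" has one schedule field, normal entries have five.
            case $line in @*) n=1 ;; *) n=5 ;; esac
            cmd=$(printf '%s\n' "$line" |
                awk -v n="$n" '{ for (i = 1; i <= n; i++) $i = ""; sub(/^ +/, ""); print }')
            case $cmd in
                *xmrig*|*c3pool*|*/tmp/*|*/dev/shm/*|*/.[!./]*)
                    printf '%s: %s\n' "$user" "$cmd" ;;
            esac
        done < "$file"
    done
}

# Constructed sample crontabs (not taken from the compromised server).
make_sample_spool() {
    cat > "$1/frappe" <<'EOF'
MAILTO=""
*/5 * * * * /home/frappe/.cfg/rsync/run >/dev/null 2>&1
@reboot /tmp/c3pool/miner.sh
0 3 * * * /usr/bin/rsync -a /srv/data/ /backup/data/
EOF
    cat > "$1/root" <<'EOF'
30 2 * * 0 /usr/sbin/logrotate /etc/logrotate.conf
EOF
}

spool=$(mktemp -d)
make_sample_spool "$spool"
audit_cron_dir "$spool"    # the genuine /usr/bin/rsync backup job is not flagged
rm -rf "$spool"
```

Run as root, `audit_cron_dir` can be pointed at `/var/spool/cron/crontabs` (Debian/Ubuntu) or `/var/spool/cron` (RHEL family); system-wide jobs in `/etc/crontab` and `/etc/cron.d` carry an extra user field and are not parsed by this function.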