Security issues on self-hosted servers

Recently, I have seen a couple of my client and dev team’s servers become really slow with 100% CPU usage.

It looked like we were compromised and malware was running on the system. The system was basically mining cryptocurrency and was also used to breach other systems to spread this malware.

I stumbled upon this answer and it shook me. The attacker had even edited .bashrc to delete our SSH keys and add his own each time we opened the terminal.

We had password-based SSH login but have moved to key-based now. I strongly suggest that all of you stick to SSH keys instead of passwords. Upgrade your OS to the latest version. Routinely check the logs for any suspicious activity.

Also, please suggest other ways to secure the server.

6 Likes
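The persistence described in the post above (a .bashrc edited so that SSH keys are replaced each time a terminal opens) can be checked for by scanning shell startup files for lines that touch SSH key material. This is an added example, not part of the original thread; the function names, the list of startup files and the sample home directory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag shell startup files that reference SSH key material.
# Startup files run at every login, so a line there that writes to
# authorized_keys re-applies itself each time a terminal is opened.

# Startup files read by sh/bash/zsh (assumed list, extend as needed).
RC_FILES=".bashrc .bash_profile .bash_login .bash_logout .profile .zshrc .zprofile"

# Print "file:line:text" for each non-comment line in FILE that mentions
# authorized_keys or a .ssh/ path. Exit status 0 only if a line was flagged.
scan_rc_file() {
    [ -f "$1" ] || return 1
    awk -v f="$1" '
        /^[[:space:]]*#/ { next }    # comment lines cannot execute
        /authorized_keys|\.ssh\// { printf "%s:%d:%s\n", f, NR, $0; hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Scan all startup files in one home directory. Findings go to stderr,
# the number of flagged lines goes to stdout.
scan_home() {
    count=0
    for name in $RC_FILES; do
        if out=$(scan_rc_file "$1/$name"); then
            printf '%s\n' "$out" >&2
            count=$((count + $(printf '%s\n' "$out" | wc -l)))
        fi
    done
    echo "$count"
}

# Build a constructed sample home directory (not data from the incident).
make_sample_home() {
    dir=$(mktemp -d)
    cat > "$dir/.bashrc" <<'EOF'
# ~/.bashrc (constructed sample)
alias ll='ls -l'
# keys live in ~/.ssh/authorized_keys
echo "ssh-ed25519 AAAA-CONSTRUCTED-PLACEHOLDER intruder" > ~/.ssh/authorized_keys
EOF
    printf 'export EDITOR=vi\n' > "$dir/.profile"
    echo "$dir"
}

# Scan a real home directory only when one is given: ./scan.sh /home/alice
if [ $# -gt 0 ]; then scan_home "$1"; fi
```

A flagged line is a prompt for manual review, not proof of compromise, and an indirect reference (for example a startup file that sources another script) will not match this pattern.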

It’s really scary to think about someone being able to access our systems and cause harm. I’m glad you were able to make the switch to key-based SSH login and I completely agree that this is the best way to secure your server. In addition to switching to key-based SSH login, I’d suggest taking a look at your firewall settings and making sure you have the latest security patches installed. You could also consider using a VPN for extra protection. It’s also a good idea to regularly check your logs for any suspicious activity. I’d also like to recommend that you consider getting in touch with the professionals at https://www.nwitservices.com for the best security services. They have a team of experienced IT experts that can help you protect your systems and data from any potential threats. They offer a wide range of services, from security audits to vulnerability assessments, so you can be sure you’re getting the best possible protection. I hope this helps and I wish you all the best in securing your servers.