Recently, I have seen a couple of my client and dev team’s server become really slow with 100% CPU usage.
It looked like we were compromised and a malware was running on the system. The system was basically mining crypto currency and also was used to breach into other systems to spread this malware.
I stumbled upon this answer and it shook me. The attacker even had edited
.bashrc to delete our SSH keys and add his one each time we opened the terminal.
We had password based SSH login but have moved to key based now. I strongly suggest all of you to stick to SSH keys instead of passwords. Upgrade your OS to the latest version. Routinely check the logs for any suspicious activities.
Also, please suggest other ways to secure the server.