The Tale of a Hacked VPS

A.P.
Aug 5, 2017 · 3 min read

When Vultr came out with their $2.50 a month VPS a while back, I jumped at the chance and put dokku on it to use it as a testing/staging ground for my pet projects. As of this morning, the only long-term tenant on it was a small Node.js app which forwarded texts sent to a Korean cell phone to an American one. (Long story short, I’m currently in an environment where I only have access to a phone that can’t make calls but can send texts.)

The Hack

Yup, someone is using my server for mining.

Then, I looked at the SSH access logs (sudo grep "Aug 4" /var/log/auth.log | less, because I knew from the CPU logs above that this started happening on August 4th):

which is, I guess, expected — bots try to brute-force your root password all the time. However, I was surprised to find these lines (there were more than one):

Somehow, my private key was compromised. This was a little scary to me, since I use this key-pair to do more than just push to dokku. (Thankfully, I only used it for pet projects — it wasn’t associated with my Github account).
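The triage described above, as an added example that is not part of the original post: a few constructed auth.log lines in the standard sshd format (placeholder hostnames and documentation-range IPs) are run through shell functions that count failed password guesses per source address, list every successful key-based login, and flag any address that did both. In the post's scenario the strongest signal is a brute-forcing address that suddenly logs in with a valid key.

```shell
#!/bin/sh
# Added example (not from the original post): triage sshd auth.log lines
# for one day, the way the post describes doing by hand with grep.

# Constructed sample log; hostname, IPs, ports and fingerprint are
# placeholders. Note syslog pads single-digit days with two spaces.
SAMPLE_AUTH_LOG='Aug  4 03:12:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Aug  4 03:12:04 vps sshd[1203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Aug  4 03:12:09 vps sshd[1205]: Failed password for invalid user admin from 198.51.100.23 port 40110 ssh2
Aug  4 03:40:17 vps sshd[1290]: Accepted publickey for dokku from 192.0.2.55 port 44212 ssh2: RSA SHA256:PLACEHOLDERFINGERPRINT
Aug  4 09:15:42 vps sshd[1402]: Accepted publickey for dokku from 203.0.113.7 port 51400 ssh2: RSA SHA256:PLACEHOLDERFINGERPRINT
Aug  4 11:02:10 vps sshd[1510]: Accepted password for root from 192.0.2.55 port 44300 ssh2'

# Print "<count> <ip>" for each source IP with failed password attempts
# on the given day, most active first. Reads log text on stdin.
failed_password_counts() {
    day="$1"
    grep "^$day " | grep 'Failed password' \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print "<user> <ip>" for every successful key-based login on the given
# day. Any source you do not recognise here means the key may have leaked.
accepted_publickey_logins() {
    day="$1"
    grep "^$day " | grep 'Accepted publickey' \
        | awk '{ for (i = 1; i <= NF; i++) { if ($i == "for") u = $(i+1); if ($i == "from") h = $(i+1) }; print u, h }'
}

# Source IPs that both failed password guesses and later logged in with a
# key on the given day: a brute-forcer that now holds a valid key.
brute_forcers_with_key_access() {
    day="$1"
    log=$(cat)
    bad=$(printf '%s\n' "$log" | failed_password_counts "$day" | awk '{ print $2 }')
    printf '%s\n' "$log" | accepted_publickey_logins "$day" \
        | awk -v list="$bad" 'BEGIN { n = split(list, a, "\n"); for (i = 1; i <= n; i++) bad[a[i]] } ($2 in bad)'
}

# Run all three checks over the constructed sample for the incident day.
echo "== failed password guesses per IP =="
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_password_counts "Aug  4"
echo "== key-based logins =="
printf '%s\n' "$SAMPLE_AUTH_LOG" | accepted_publickey_logins "Aug  4"
echo "== brute-forcers that later logged in with a key =="
printf '%s\n' "$SAMPLE_AUTH_LOG" | brute_forcers_with_key_access "Aug  4"
```

On a real box, replace the sample with `sudo cat /var/log/auth.log | failed_password_counts "Aug  4"` and so on; the functions only need the standard sshd message format on stdin.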

Recovery

Lessons

  1. I’m always going to set PasswordAuthentication no from now on. Bots are always going to try to brute-force your root account - while I know mathematically they're incredibly unlikely to succeed, I'm not gonna give them even the satisfaction of trying. (This DO post has some good instructions)
  2. I haven’t been setting a password for my private keys because… laziness. I really should do that from now on.
  3. Unrelated to this specific break-in, but I’m going to start configuring UFW on my servers, unimportant hobby instance or no.
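The three lessons as a runnable check, added here and not part of the original post: a small audit of sshd_config for the first lesson (is PasswordAuthentication really off, and is root login with a password still allowed), run against two constructed sample configs, followed by the commands for the second and third lessons as comments. Sample file contents and the temp directory are constructed; the sshd keywords and the ssh-keygen and ufw invocations are real.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for
# the settings behind lesson 1, with constructed sample configs.

# Effective value of KEYWORD in FILE. sshd uses the first uncommented
# occurrence of a keyword, so stop at the first match; lines inside a
# Match block are skipped because they apply only conditionally.
sshd_effective() {
    file="$1"; keyword="$2"
    awk -v kw="$keyword" '
        tolower($1) == "match" { in_match = 1; next }
        /^[[:space:]]*#/ || NF == 0 { next }
        !in_match && tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$file"
}

# Return 0 if FILE has the hardened settings, 1 otherwise, printing each
# finding. PasswordAuthentication defaults to yes when absent, so absence
# is a finding; PermitRootLogin defaults to prohibit-password, so only an
# explicit yes is flagged.
audit_sshd_config() {
    file="$1"; rc=0
    pa=$(sshd_effective "$file" PasswordAuthentication)
    if [ "$pa" != "no" ]; then
        echo "FINDING: PasswordAuthentication is '${pa:-unset (defaults to yes)}', set it to no"
        rc=1
    fi
    prl=$(sshd_effective "$file" PermitRootLogin)
    if [ "$prl" = "yes" ]; then
        echo "FINDING: PermitRootLogin is yes, set it to no or prohibit-password"
        rc=1
    fi
    return $rc
}

# Constructed sample configs in a temp dir (paths are placeholders).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak_sshd_config" <<'EOF'
# Looks hardened at a glance, but the PasswordAuthentication line is
# commented out, so the default (yes) applies, and root may log in with one.
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
cat > "$SAMPLE_DIR/hardened_sshd_config" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
Match User deploy
    PasswordAuthentication yes
EOF

for f in weak hardened; do
    if audit_sshd_config "$SAMPLE_DIR/${f}_sshd_config"; then
        echo "$f: OK"
    else
        echo "$f: needs changes"
    fi
done

# Lessons 2 and 3 from the post, as the commands to run (not executed here):
#   ssh-keygen -p -f ~/.ssh/id_rsa     # add a passphrase to an existing key
#   sudo ufw default deny incoming && sudo ufw allow OpenSSH && sudo ufw enable
# Restart sshd only after the audit passes and a key login has been
# confirmed from a second session, so you are not locked out.
```

Run it as `sh audit.sh`; to audit a live server, call `audit_sshd_config /etc/ssh/sshd_config` instead of the sample files. The weak sample is the common mistake the audit exists to catch: a commented-out `PasswordAuthentication no` that looks like it is in force but is not.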

It’s a jungle out there… everyone be careful, and take care. :)

Originally published at blog.alexpark.me on August 5, 2017.
