General discussion : VPS hacked

A place to discuss anything.
Post Reply
User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Wed Jul 29, 2020 6:38 pm

A brand new server which was set-up 2 months ago and never used was hacked.

I have no idea how they got access etc, but this is what u see :

Luckily there was nothing on there, but its made me think about logging out of everthing before I switch off at night.
You do not have the required permissions to view the files attached to this post.

User avatar
ShaunWhite
Posts: 5969
Joined: Sat Sep 03, 2016 3:42 am

Wed Jul 29, 2020 7:24 pm

Thx for the reminder.

Easiest thing to do to secure a new VPS is to setup an new user account with admin rights, then disable the admin account*. If 'Admin' or 'Administrator' isn't a valid user then that's an extra level of hassle for them and they'll probably just move to the next IP on the list and try 'Admin' on that instead.

Dozens of other things you can do obvioulsy but that's easiest and pretty good. Same for home PCs too, if you have a user account called admin or administrator that's just asking for an attack.

*Make sure the new account works first otherwise you'll lock yourself out.

User avatar
Euler
Posts: 19448
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ
Contact:

Wed Jul 29, 2020 7:52 pm

Make sure you apply updates all the time as well. Lots of info gets shared on back door exploits, they are usually quickly updated by MS when discovered.

sa7med
Posts: 768
Joined: Thu May 18, 2017 8:01 am

Wed Jul 29, 2020 7:53 pm

I just changed the Administrator username to something of my choosing. Believe that achieves the same?

I just checked on the VPS supplied by betangel and noticed 2 more accounts (a guest one and a default account), should I just delete these?

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Wed Jul 29, 2020 8:40 pm

I also created a new user name, but it says its not authorized for remote login.

How do u fix that ?

Thx

User avatar
ShaunWhite
Posts: 5969
Joined: Sat Sep 03, 2016 3:42 am

Wed Jul 29, 2020 10:45 pm

megarain wrote:
Wed Jul 29, 2020 8:40 pm
I also created a new user name, but it says its not authorized for remote login.

How do u fix that ?

Thx
I've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?
Screenshot_4.png
You do not have the required permissions to view the files attached to this post.

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Thu Jul 30, 2020 12:44 pm

If having a VPS login as Admin or administrator is asking for problems, maybe Bet Angel could consider changing the default settings.

All my VPS come with Administrator by default.

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Thu Jul 30, 2020 1:01 pm

There is an option here to change the Administrator's name to something else. Is this it ?
Admin changed name.jpg
You do not have the required permissions to view the files attached to this post.

User avatar
Euler
Posts: 19448
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ
Contact:

Thu Jul 30, 2020 1:54 pm

I'll write something up

User avatar
ShaunWhite
Posts: 5969
Joined: Sat Sep 03, 2016 3:42 am

Thu Jul 30, 2020 2:08 pm

That would work. Although I always set up a 2nd user and then disable Admin. That's incase I have a problem and want to look at what the default settings were.

The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.

Post Reply

Return to “General discussion”

  • Information
  • Who is online

    Users browsing this forum: Google [Bot] and 1 guest