VPS hacked

megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

A brand new server which was set-up 2 months ago and never used was hacked.

I have no idea how they got access etc, but this is what u see :

Luckily there was nothing on there, but it's made me think about logging out of everything before I switch off at night.
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

Thx for the reminder.

Easiest thing to do to secure a new VPS is to set up a new user account with admin rights, then disable the admin account*. If 'Admin' or 'Administrator' isn't a valid user then that's an extra level of hassle for them and they'll probably just move to the next IP on the list and try 'Admin' on that instead.

Dozens of other things you can do obviously but that's easiest and pretty good. Same for home PCs too, if you have a user account called admin or administrator that's just asking for an attack.

*Make sure the new account works first otherwise you'll lock yourself out.
Euler
Posts: 24701
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

Make sure you apply updates all the time as well. Lots of info gets shared on back door exploits, they are usually quickly updated by MS when discovered.
sa7med
Posts: 800
Joined: Thu May 18, 2017 8:01 am

I just changed the Administrator username to something of my choosing. Believe that achieves the same?

I just checked on the VPS supplied by betangel and noticed 2 more accounts (a guest one and a default account), should I just delete these?
megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

I also created a new user name, but it says it's not authorized for remote login.

How do u fix that ?

Thx
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

megarain wrote:
Wed Jul 29, 2020 8:40 pm
I also created a new user name, but it says it's not authorized for remote login.

How do u fix that ?

Thx
I've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?
Screenshot_4.png
megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

If having a VPS login as Admin or administrator is asking for problems, maybe Bet Angel could consider changing the default settings.

All my VPS come with Administrator by default.
megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

There is an option here to change the Administrator's name to something else. Is this it ?
Admin changed name.jpg
Euler
Posts: 24701
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ

I'll write something up
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

That would work. Although I always set up a 2nd user and then disable Admin. That's in case I have a problem and want to look at what the default settings were.

The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.
megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).

If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.

Parking money on a dormant market might also help, as they wouldn't know how to find the account.

Maybe it's over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

megarain wrote:
Thu Jul 30, 2020 3:04 pm
Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).

If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.

Parking money on a dormant market might also help, as they wouldn't know how to find the account.

Maybe it's over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
Losing the Admin account will help cos they have to guess the userID and the password, not just a brute force attack on the password. And setting the #invalid attempts to 5 before it locks out for 30mins is a massive help too. Really slows down any attack.

But as an extra layer of security maybe BA should have a locked mode when you leave it doing its thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
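
The steps discussed in the thread so far (a second admin account with remote login rights, a lockout after 5 bad attempts for 30 minutes, and disabling the built-in Administrator only once the new login is proven to work), as an added example that is not part of any poster's message. It assumes Windows Server with the built-in LocalAccounts PowerShell module and an English-language install; the account name is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example. $NewAdmin is a hypothetical placeholder, not a value from the thread.
$NewAdmin = 'ops-placeholder'

# 1. Create the replacement account if it does not exist yet.
#    The password is prompted for, never written into the script.
if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -AsSecureString -Prompt "Password for $NewAdmin"
    New-LocalUser -Name $NewAdmin -Password $Password `
        -Description 'Replacement admin account' | Out-Null
}

# 2. Admin rights plus explicit remote login rights. A new account that is in
#    neither group is refused by RDP as "not authorized for remote login".
#    Group names are the English defaults (assumption).
foreach ($Group in 'Administrators', 'Remote Desktop Users') {
    Add-LocalGroupMember -Group $Group -Member $NewAdmin -ErrorAction SilentlyContinue
}

# 3. Lock an account for 30 minutes after 5 failed logons
#    (failure counter also resets after 30 minutes).
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# 4. Guard against locking yourself out: the built-in account is disabled only
#    when this script runs from a session logged in as the new account,
#    which proves that the new login really works over RDP.
if ($env:USERNAME -ne $NewAdmin) {
    Write-Warning "Log in over RDP as '$NewAdmin', then run this script again."
    return
}

# The built-in Administrator always has a SID ending in -500, so this finds it
# even if it has been renamed.
$BuiltIn = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$BuiltIn | Disable-LocalUser

# 5. Review what is left: which accounts are enabled, and who can log in remotely.
Get-LocalUser | Select-Object Name, Enabled, LastLogon
Get-LocalGroupMember -Group 'Remote Desktop Users'
```

Run it once from the existing session, open a second RDP connection as the new account, and run it again there; the first run stops at step 4 without touching the built-in account.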
megarain
Posts: 2040
Joined: Thu May 16, 2013 1:26 pm

But as an extra layer of security maybe BA should have a locked mode when you leave it doing its thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
That would be v useful.
firlandsfarm
Posts: 2688
Joined: Sat May 03, 2014 8:20 am

It's good practice even with your PC to only use the Admin account when you want to make administrative changes then log out and log back in as a Standard user.
Vovsen
Posts: 107
Joined: Sat Nov 03, 2018 4:50 pm

ShaunWhite wrote:
Wed Jul 29, 2020 10:45 pm
megarain wrote:
Wed Jul 29, 2020 8:40 pm
I also created a new user name, but it says it's not authorized for remote login.

How do u fix that ?

Thx
I've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?

Screenshot_4.png
Managed to lock myself out doing this, should have tested the user first before rebooting like you said in the previous post :D