A brand new server which was set-up 2 months ago and never used was hacked.
I have no idea how they got access etc, but this is what u see :
Luckily there was nothing on there, but its made me think about logging out of everthing before I switch off at night.
VPS hacked
You do not have the required permissions to view the files attached to this post.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
Thx for the reminder.
Easiest thing to do to secure a new VPS is to setup an new user account with admin rights, then disable the admin account*. If 'Admin' or 'Administrator' isn't a valid user then that's an extra level of hassle for them and they'll probably just move to the next IP on the list and try 'Admin' on that instead.
Dozens of other things you can do obvioulsy but that's easiest and pretty good. Same for home PCs too, if you have a user account called admin or administrator that's just asking for an attack.
*Make sure the new account works first otherwise you'll lock yourself out.
Easiest thing to do to secure a new VPS is to setup an new user account with admin rights, then disable the admin account*. If 'Admin' or 'Administrator' isn't a valid user then that's an extra level of hassle for them and they'll probably just move to the next IP on the list and try 'Admin' on that instead.
Dozens of other things you can do obvioulsy but that's easiest and pretty good. Same for home PCs too, if you have a user account called admin or administrator that's just asking for an attack.
*Make sure the new account works first otherwise you'll lock yourself out.
I also created a new user name, but it says its not authorized for remote login.
How do u fix that ?
Thx
How do u fix that ?
Thx
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
I've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?
You do not have the required permissions to view the files attached to this post.
If having a VPS login as Admin or administrator is asking for problems, maybe Bet Angel could consider changing the default settings.
All my VPS come with Administrator by default.
All my VPS come with Administrator by default.
There is an option here to change the Administrator's name to something else. Is this it ?
You do not have the required permissions to view the files attached to this post.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
That would work. Although I always set up a 2nd user and then disable Admin. That's incase I have a problem and want to look at what the default settings were.
The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.
The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.
Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).
If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.
Parking money on a dormant market might also help, as they wouldn't know how to find the account.
Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.
Parking money on a dormant market might also help, as they wouldn't know how to find the account.
Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
- ShaunWhite
- Posts: 9731
- Joined: Sat Sep 03, 2016 3:42 am
Losing the Admin account will help cos they have to guess the userID and the password, not just a brute force attack on the password. And setting the #invalid attempts to 5 before it locks out for 30mins is a massive help too. Really slows down any attack.megarain wrote: ↑Thu Jul 30, 2020 3:04 pmAm thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).
If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.
Parking money on a dormant market might also help, as they wouldn't know how to find the account.
Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
That would be v useful.But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
- firlandsfarm
- Posts: 2720
- Joined: Sat May 03, 2014 8:20 am
It's good practice even with your PC to only use the Admin account when you want to make administrative changes then log out and log back in as a Standard user.
Managed to lock myself out doing this, should have tested the user first before rebooting like you said in the previous postShaunWhite wrote: ↑Wed Jul 29, 2020 10:45 pmI've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?
Screenshot_4.png