@Alir3z4
Last active December 16, 2020 13:00

Lately we have had many reports from people that their server got blocked by us due to Anti-Hack. Our users stated that none of them had done anything wrong; some of them had not even used the machines, and their server would get blocked before they even gained access to it.

The Kloud51 team started testing all the official and unofficial OpenVZ OS templates one by one; so far all of them were fine, with not a single malicious file or activity. We ran many tests and different tools to find a hole or a malicious file, and absolutely nothing was there.

We launched hundreds of VPS machines and kept monitoring them, each with a different OS template and different kinds of software installed. We also got help in this test from volunteers among our clients, who allowed us to install our monitoring and log collectors on their machines.

The result was obvious and amazing: not only did we find the source of the issues, but a solution to fix them as well.

VPS machines would get hacked or cracked and have rootkits and backdoors installed on them in less than 5 minutes, with each attack coming from many different IPs and changing attacks within seconds. Once a hack attempt was successful, most of the time a rootkit would be installed or a user with root access would be created in the system. There were many different kinds of attacks, and we were surprised at how they were working.

The good news is that we found the solution to prevent such attacks; below you can see what kind of customization we've done on each server image to get them working securely.

It's been a while since we started hardening our OS templates:

  • Configuring firewalls
  • iptables
  • SSH brute-force protection
  • FTP hardening
  • Closing unused ports
  • Removing unnecessary applications
  • Installing CRON jobs to ensure all of these stay in place
  • Disabling unused services and daemons

So far our secured images are as below:

We're adding more secured images; we will update this list once an image has been added.

I'd like to note that having all of this won't help if you have a weak password or root login allowed, whether with an authentication key or a password; you'll be doomed most of the time.

Take care of your machines, secure them, change the default SSH port, and always be aware of what is running in the background on your machine. Tools like top, htop and ps are the wild bunch you're looking for when you want to find running processes.
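As an added example that is not part of the original gist, covering the SSH item in the hardening list and the closing advice on root login, passwords and the default port, here is a small POSIX sh audit of an sshd_config. The two sample configs are constructed for illustration, and the defaults assumed for missing keys are those of OpenSSH 7.0+.

```shell
#!/bin/sh
# Added example, not from the original gist: audit an sshd_config for the
# settings the post calls out (root login, password auth, default port 22).
# Both configs below are constructed sample input, not real server files.
# Caveat: options inside "Match" blocks are not handled by this parser.

SAMPLE_WEAK='# constructed sshd_config with the risky settings
Port 22
PermitRootLogin yes
PasswordAuthentication yes'

SAMPLE_HARDENED='# constructed sshd_config after hardening
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes'

# sshd_opt CONFIG KEY DEFAULT: print the effective value of KEY.
# sshd honours the first occurrence of a keyword, keywords are
# case-insensitive, and comments and blank lines are ignored.
sshd_opt() {
    val=$(printf '%s\n' "$1" | awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == tolower(key) { print $2; exit }')
    printf '%s' "${val:-$3}"
}

# audit_sshd CONFIG: print one finding per line; return the finding count.
# Defaults assumed for missing keys follow OpenSSH 7.0+ (prohibit-password).
audit_sshd() {
    findings=0
    root=$(sshd_opt "$1" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    pass=$(sshd_opt "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    port=$(sshd_opt "$1" Port 22)
    # The post wants root login refused entirely, by key or by password.
    [ "$root" = no ] || { echo "PermitRootLogin=$root; set 'PermitRootLogin no'"; findings=$((findings + 1)); }
    [ "$pass" = no ] || { echo "PasswordAuthentication=$pass; use keys only"; findings=$((findings + 1)); }
    [ "$port" != 22 ] || { echo "Port=22; the post recommends a non-default port"; findings=$((findings + 1)); }
    return "$findings"
}

audit_sshd "$SAMPLE_WEAK" || echo "-> $? finding(s) in the weak config"
audit_sshd "$SAMPLE_HARDENED" && echo "-> hardened config passes"
```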

By Alireza Savand, CEO & Founder SavandBros
