Red Asteroid Under Attack!

Since the newsletter went out, CPU load on my little box has tripled. Looks like we got somebody’s attention! Checking the logs, I noticed increased load ever since the newsletter went out:


Even worse, this morning the server crashed and was down for hours!


There were some very strange entries in the system log at the beginning of that time frame, after which all activity mysteriously ceased. Interestingly, the CPU was still active:


But no traffic? Maybe someone hijacked the server to make bitcoins. Anyway, I reset the server and noticed the normal increased load was due to sshd activity. Checking the auth.log, I found out my root login was being brute forced. Lucky root logins are completely disabled on my machine.

Some tweaks of the fail2ban settings later, CPU activity is back to normal.

Leave a Reply