Reply to post: Re: Why is the provider still up?

If you don't cover your Docker daemon API port you'll have a hell of a time... because cryptocreeps are hunting for it

bombastic bob Silver badge

Re: Why is the provider still up?

ack on that - I haven't tried wget'ting that file, but if I were them, I'd swap it for something that shuts DOWN the virus wherever the infection exists... ok maybe that is a *bit* too 'grey hat' but "I heard a rumor" that "someone did a shutdown script" like that for code-red infected machines {me whistles with innocent look} that basically detected where the penetration attempted to come from, and back-hacked them and turned off ISS [code red sat in memory, shutting down ISS would stop the infection temporarily].


I was just thinking about this, having had the need to have the network guy open up a non-obvious ssh port into a client's network so I could do things remotely. I was thinking of what security things I would need to add, users and passwords to modify and/or lock out from ssh logins, to an otherwise normal ssh daemon, how to do it without locking myself out by accident in the process, and things of THAT nature, then I saw this and "It figures, miscreants are out there TAKING ADVANTAGE of little or no on-site staff capable of mitigating such things".

my own system only allows specific users to log in from outside the network, which have cryptic user names and even MORE cryptic passwords. So I wanted to do something like THAT. But obviously I could lock myself out of logging in at ALL if I'm not uber careful.

and, of course, if I do NOT secure it more tightly, some miscreant out there is likely to POUND ON IT with one of those dictionary-based ssh attacks and maybe not get noticed for HOURS... because I had to open it up to an outside IP address as a result of coronavirus responses by governments.
