Hi,
Since Saturday, my Digital Ocean VPS (Debian) has been inaccessible over SSH / SFTP / HTTP. My websites are down.
I didn't do anything, but a strange and sudden activity seems to explain this issue. I think this change is the cause.
Tonight I started / stopped my VPS and I noticed that I had a peak every 2 minutes (19:20:00, 19:22:00, 19:24:00...). But I have no active cron (I verified) and reading is continuous when my Debian is running (no read = VPS off).
Also, I have a recovery partition and I can mount my main partition to debug, but how do I analyze my issue? I can reproduce it on recovery.
I would like to run some commands from cron with output to a file, like iotop, but iotop is not installed on my server and apt-get doesn't work. Using wget to get a tar.gz doesn't work either. I'm a bit lost...
Thanks for your help!
Diagnose the I/O disk from a recovery partition
Re: Diagnose the I/O disk from a recovery partition
Hi, I found xmrig on my server but I didn't install it; I don't understand. My VPS seems corrupted.
I removed the Monero miner service but that didn't fix my issue...
Re: Diagnose the I/O disk from a recovery partition
s/corrupted/pwned/g
FTFY.
Disk I/O is the least of your problems, the presence of miners and lockout of SSH are obvious indications of a compromised machine. Nuke it from orbit and start again, and this time you might want to think about securing it properly.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.