Section One BBS

Subject: Ubuntu, Crypto Malware
Date: Wed Nov 30 2022 08:27 am
From: Android8675
To: Digital Man

  Re: Ubuntu, Crypto Malware
  By: Digital Man to Android8675 on Tue Nov 15 2022 11:51 am

 > Re: Ubuntu, Crypto Malware
 > By: Android8675 to All on Tue Nov 15 2022 07:51 am

 > > Hey all, anyone have any experience with crypto infected Linux systems?

 > > So, before I do that I thought I might see if there's anyone who's had
 > > experience with this sort of thing who might be willing to take a peek?

 > I was running a version of GitLab (a year ago?) that had an exploit
 > published and I was vulnerable for about 24 hours before upgrading to a fixe

Is there a simple way to clean out the /tmp folder in Linux, for us plebs?
(/var/log folder getting kinda robust too)

So I could not for the life of me figure out where the exploit was on my system
until I watched the process carefully. I could kill the process easily enough
(sudo top), but it would fire up again within 10-15 minutes. So I watched it
fire up and the process information mentioned port 1812 somewhere, and I looked
up port 1812 which has something to do with RADIUS authentication?

So I blocked the port on the system and the malware hasn't started up since. I
could only guess that the app was being run from a cloud drive somewhere using
RADIUS to execute the code locally. I've no idea how that works, and I stopped
just after because I was tired, but the problem hasn't returned so I'm OK just
keeping that port blocked until I can figure out how/why it's happening.

I might be OK without RADIUS, at least for now. I checked my router settings to
make sure no erroneous ports were open to the system (originally I had the
system on the DMZ, but I figured now would be a good time to lock that down).

At any rate, at least I didn't have to reinstall everything, but at some point
I need to update to 22LTS. Something for another day.
--
Android8675@realitycheckbbs.o r g

... Do you know what kind of game this is?

---
 ■ Synchronet ■ .:  realitycheckbbs.org  ::  scientia potentia est  :.
