Topic: My server has been hacked.

[haliparotin]

monoman


How do you know your have been hacked?


do you have any status or detail you found


for our safety not only for me also for all SME community


Thank you

[monoman]

This is part of the response I received from the security team.

Yep, you've got a script kiddie there. But how did they get in? Did you
have ssh enabled with password authentication?

Yes

Well, that is very likely how they gained entry. In which case there is no
software vulnerability for us to fix. Just a wetware vulnerability

I have since disabled remote access.

[janet]

monoman

I have since disabled remote access.

You can use Public Private keys to securely access your sme server using ssh, see
http://wiki.contribs.org/SSH_Public-Private_Keys

[guest22]

We need to add pointers to the wiki regarding "Best parctices accessing SME Server remotely"

http://wiki.contribs.org/Best_practices_accessing_SME_Server_remotely

- Explain the risks of enabling ssh password
- Explain using certificates opposed to passwords
- Explain to change well known ports (e.g. port 22 for ssh)
- Explain how fail2ban works
- Point to VPN contribs e.g. openvpn (no longer PPTP)
- Other hints and tips

All perfectly doable with SME Server.

guest