Ubuntu 10.04
Standard install with GUI
Set up as LAMP server
Hello,
I do believe my server finally got hacked, or at least I finally found evidence.
The evidence came from the Fail2ban Jail.conf file.
An unknown IP address had apparently been added to the Ignore list on each of the jail configurations.
I have one other IP address there and that was a local IP address.
My passwords were complex and I blocked all countries other than the US and even all the proxy servers I could find.
Updates were up to date.
What was the likely vector they used to gain access?
SSH is disabled and there is no remote access configured.
Thx