added falcon shutdown post and removed link
parent ed72d53977
commit 4d49889082
|
@ -9,6 +9,3 @@
|
|||
|
||||
- name: "Mumble server - gmur.ml"
|
||||
url: https://gmur.ml
|
||||
|
||||
- name: "Minecraft server - falcon.socialnerds.org"
|
||||
url: https://falcon.socialnerds.org
|
||||
|
|
|
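Review bot: no entry for endeavour.socialnerds.org is added where the falcon.socialnerds.org entry is dropped, although the post added in this same commit names endeavour as the replacement server. If endeavour is meant to be listed publicly, add its name/url pair in the same form as the gmur.ml entry above; if it is deliberately left off the list, say so in the commit message so the omission does not look accidental.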
@ -0,0 +1,16 @@
|
|||
---
|
||||
layout: post
|
||||
title: Gameserver hack (the falcon has fallen)
|
||||
---
|
||||
|
||||
Hello friends,
|
||||
|
||||
our beloved game server (*falcon.socialnerds.org*) has been compromised by a hacker. I learned about it when network access was blocked by the hosting provider today. We don't know exactly how this came to pass but *falcon* was infected by malware which installed the so called **Bill Gates Botnet** ([here](https://www.akamai.com/fr/fr/multimedia/documents/state-of-the-internet/bill-gates-botnet-threat-advisory.pdf) is a very detailed report about it).
|
||||
|
||||
Usually these attacks try to brute-force their way into the root account. Though i cannot see how this was possible since we had password authentication and root login disabled right from the beginning.
|
||||
|
||||
In the end i was able to clean out the malware and recover all game server data. Though since the attacker could have left more mailicious code i decided to get rid of *falcon* and setup a brand new server at [endeavour.socialnerds.org](https://endeavour.socialnerds.org).
|
||||
|
||||
Also i hardened the ssh config of all other machines and implemented stronger passwords (i'm also thinking fail2ban).
|
||||
|
||||
Cheers!
|
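Review bot: the remediation paragraph near the end of the post (ssh hardening, stronger passwords, possibly fail2ban) addresses the brute-force path that the second paragraph says was already closed by disabling password authentication and root login, while the first paragraph says the way in is unknown, so readers may take the cause as fixed. Suggest one sentence stating plainly that the entry point is still unidentified and which services other than ssh were reachable on falcon. Smaller points in the body: "mailicious" should be "malicious", the pronoun "i" should be capitalised, "setup" used as a verb should be "set up", and the Akamai link goes to the /fr/fr/ locale path, which is worth a second look for an English post.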