Linux Systems with Exposed SSH Ports, Targeted by Python-Based Botnets

[easyhostmedia]

Mining cryptocurrency with a botnet comprised of Linux-based systems.

Cybersecurity experts believe that a band of experience cybercriminals have created a botnet made of Linux-based systems and is using them to mine Monero, a cryptocurrency.


This is worth a read

https://www.thesslstore.com/blog/linux-systems-exposed-ssh-ports-targeted-python-based-botnets

 

[whmcsguru]

Oh lovely... Keep your stuff up to date, people!

 

[Evolution Host]

Oh lovely... Keep your stuff up to date, people!

This can't be emphasised strongly enough. It's definitely a good idea to configure automatic updates if possible, for example using Unattended Upgrades (Debian/Ubuntu). If you're concerned about an update potentially breaking an existing solution, exceptions can be added for some packages. Automatic updates can greatly reduce the amount of time that your system is left exposed to newly emerging vulnerabilities.

This is worth a read

https://www.thesslstore.com/blog/linux-systems-exposed-ssh-ports-targeted-python-based-botnets

This particular example shows the importance of hardening the security of your SSH server with tools such as fail2ban that can reduce the risk of brute force/password guessing attacks. If password authentication is in use, there's certainly no alternative for a secure password though.

To reduce the risk of fully automated intrusion even further, it's a great idea to use an uncommon non-root username and move the SSH server to a non-default port. Port knocking can also be used to increase the complexity required to successfully port scan for the SSH server. The majority of SSH botnets/worms will only target SSH servers on port 22.

 

[whmcsguru]

Keeping the system up to date is all well and good, but I was referring more to updating your actual scripts and stuff. Running old, vulnerable software (I'm looking at you , WordPress kids) is just asking for this kind of problem

 

[unihost com]

It's definitely a good idea to configure automatic updates if possible, for example using Unattended Upgrades (Debian/Ubuntu).

Auto-updates are not so good as they seem to be. We have auto-updated our Ubuntu OS just yesterday and gotten an error, so we were supposed to restore the previous version. This is widely known, that sometimes updates may consist some bugs and error, so the most part of users prefer to install updates themselves after a few days test of new OS version.

 

[whmcsguru]

Auto-updates are not so good as they seem to be.

Or, your OS just hasn't developed the right tools for them. I'd say the latter, not the former.

We have auto-updated our Ubuntu OS just yesterday and gotten an error, so we were supposed to restore the previous version.

Try an OS that doesn't actually do that then? 20+ years of experience with RH / Cent devices says nope, that doesn't happen there. I'm not even talking about just one device, but quite a few of them

This is widely known, that sometimes updates may consist some bugs and error

No, it's widely known that Ubuntu has this maybe, but not for those of us using professional devices and systems. Redhat has yet to let me down when it comes to these updates. They may in the future, but not something they've done yet