Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • kibiz0r@midwest.socialEnglish
    1·
    10 months ago

    One time, I didn’t realize I had allowed all users to log in via ssh, and I had a user “steam” whose password was just “steam”.

    “Hey, why is this Valheim server running like shit?”

    “Wtf is xrx?”

    “Oh, it looks like it’s mining crypto. Cool. Welp, gotta nuke this whole box now.”

    So anyway, now I use NixOS.

    • pageflight@lemmy.worldEnglish
      1·
      10 months ago

      Good point about a default deny approach to users and ssh, so random services don’t add insecure logins.

    • Tablaste@linux.communityOPEnglish
      0·
      10 months ago

      I published it to the internet and the next day, I couldn’t ssh into the server anymore with my user account and something was off.

      Tried root + password, also failed.

      Immediately facepalmed because the password was the generic 8 characters and there was no fail2ban to stop guessing.

      • PotatoesFall@discuss.tchncs.de
        0·
        10 months ago

        wow crazy that this was the default setup. It should really force you to either disable root or set a proper password (or warn you)

              • steventhedev@lemmy.world
                0·
                10 months ago

                Many cloud providers (the cheap ones in particular) will put patches on top of the base distro, so sometimes root always gets a password. Even for Ubuntu.

                There are ways around this, like proper cloud-init support, but not exactly beginner friendly.

              • satans_methpipe@lemmy.world
                0·
                10 months ago

                Yeah I was confused about the comment chain. I was thinking terminal login vs ssh. You’re right in my experience…root ssh requires user intervention for RHEL and friends and arch and debian.

                Side note: did you mean to say “shot themselves in the root”? I love it either way.

  • Admiral Patrick@dubvee.orgEnglish
    0·
    10 months ago

    And this is why every time a developer asks me for shell access to any of the deployment servers, I flat out deny the request.

    Good on you for learning from your mistakes, but a perfect example for why I only let sysadmins into the systems.