Subj : Ubuntu, Crypto Malware To : Digital Man From : Android8675 Date : Wed Nov 30 2022 08:27 am Re: Ubuntu, Crypto Malware By: Digital Man to Android8675 on Tue Nov 15 2022 11:51 am > Re: Ubuntu, Crypto Malware > By: Android8675 to All on Tue Nov 15 2022 07:51 am > > Hey all, anyone have any experience with crypto infected Linux systems? > > So, before I do that I thought I might see if there's anyone who's had > > experience with this sort of thing who might be willing to take a peek? > I was running a version of GitLab (a year ago?) that had an exploit > published and I was vulnerable for about 24 hours before upgrading to a fixe Is there a simple way to clean out the /tmp folder in Linux, for us phlebs? /var/log folder getting kindda rhobust too) So I could not for the life of me figure out where the exploit was on my system until I watched the process carefully. I could kill the process easily enough (sudo top), but it would fire up again within 10-15 minutes. So I watched it fire up and the process information mentioned port 1812 somewhere, and I looked up port 1812 which has something to do with RADIUS authentication? So I blocked the port on the system and the malware hasn't started up since. I could only guess that the app was being run from a cloud drive somewhere using RADIUS to execute the code locally. I've no idea how that works, and I stopped just after because I was tired, but the problem hasn't returned so I'm OK just keeping that port blocked until I can figure out how/why it's happening. I might be OK without RADIUS, at least for now. I checked my router settings to make sure no erronious ports were open to the system (originally I had the system on the DMZ, but I figured now would be a good time to lock that down). At any rate, at least I didn't have to reinstall everything, but at some point I need to update to 22LTS. Something for another day. -- Android8675@realitycheckbbs.o r g .... Do you know what kind of game this is? --- þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :. .