this post was submitted on 14 Jul 2024
71 points (98.6% liked)

Asklemmy

43893 readers
897 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Anonymouse@lemmy.world 9 points 4 months ago

I don't know if this applies directly, but in my early days of hosting a server for fun, I installed a telnet server because my phone didn't have SSH at the time. I forgot to close it when i was done and someone got in and installed a password sniffer. This was a Slackware box, IIRC. My only indication that there was a problem was that the "." & ".." directories didn't appear from an "ls -Alf". I pulled the network cable and booted to a boot image and discovered that many key system utilities were replaced with imposters that would mask that there was an intruder. The '"ps", "ls" and other utils were symlinked to the "..." dir in /usr/local/lib.

I didn't trust anything on that server and nuked it. Now, anything that's internet facing is built from ansible and the config is stored in a repo and the repo is backed up on a drive that's physically disconnected except when backing up. I've messed up the initrd from time to time and it's usuall easier for me to reimage than try to fix it.