[ale] I was hacked!

Crawford Rainwater crawford.rainwater at linux-etc.com
Mon Nov 4 12:24:02 EST 2019 

(Pardon the delayed response in advance since I receive this list in a
daily digest format.)
<...orignal email snipped...>

If I may suggest, look up the CIS Benchmark (at the very least) for the OS
you are using on the VPS.  Use that as a guide to further harden your
system.  This not only includes SSH (e.g, disable "root" as you noted, but
use "AllowUsers" or similar as another aspect), but other aspects as well.
I admit with a hosted system, you may not be able to do 100% of the CIS
Benchmark guide (e.g., isolating certain directories as partitions being
one of the kickers typically), but you can get a good 90% minimum.

<shameless plug>
Linux ETC does offer security review and monitoring services (fee based)
for a third party perspective if desired.  Granted, we will not be doing
physical penetrations after what happened to Coalfire's employees in Iowa.
;-)
</shameless plug>

--- Crawford

-- 
*The Linux ETC Company*

10121 Yates Court
Westminster, CO 80031 USA

*voice:*  +1.303.604.2550
*web:*    http://www.linux-etc.com 
<http://www.linux-etc.com/>

Please do not print this email unless it is 
absolutely necessary.  Be friendly to the environment by saving paper.


*NOTICE:* This communication and attachments, are covered by the Electronic 
Communication Privacy Act, USC 18 Sections 2510-2521, is confidential and 
may contain legally privileged information. If you are not the intended 
recipient or believe you have received this communication in error, please 
do not print, copy, retransmit, disseminate or otherwise use this 
communication or any of the information contained herein.


*CONFIDENTIALITY:* This e-mail and its attachments are intended for the 
above named only and may be confidential. If they have come to you in 
error, you must take no action based on them, nor must you copy or show 
them to anyone; please reply to this e-mail and highlight the error. E-mail 
and internet communications cannot be guaranteed to be secure or without 
error.  E-mail you send us may subject to review, monitoring and/or 
discovery by a third parties.

*WARNING:* Computer viruses can be 
transmitted via email. The recipient should check this email and any 
attachments for the presence of viruses. This company and/or individual 
accepts no liability for any damage caused by any virus transmitted by this 
email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20191104/3ba7ee6f/attachment.html>

More information about the Ale mailing list