0 views collected around this technical thread.
The article recounts a Kubernetes cluster intrusion where a misconfigured kubelet allowed crypto‑mining, details the forensic steps taken—including empty iptables, kubelet API exposure, and commented‑out settings—and offers concrete hardening recommendations to prevent similar attacks.
A self‑built Kubernetes cluster suffered a crypto‑mining intrusion due to empty iptables and a misconfigured kubelet, prompting a detailed post‑mortem that outlines the symptoms, root‑cause analysis, and practical hardening steps to protect similar environments.
A Kubernetes node was compromised for Monero mining due to empty iptables, exposed kubelet API, and a commented‑out security flag, prompting a detailed forensic analysis and a set of hardening steps to secure the cluster against similar attacks.
After my small 1‑CPU, 2 GB server was compromised by a crypto‑mining virus that hijacked SSH access, I used VNC to investigate, identified malicious processes, traced infected files, removed cron jobs, restored system utilities, repaired SELinux, and closed the Redis vulnerability to fully recover the machine.
This article details a multi‑stage server compromise that injected gambling pages, planted hidden accounts, deployed crypto‑mining software, and opened unnecessary ports, providing step‑by‑step forensic analysis, code inspection, emergency response actions, and indicators of compromise.