Tagged articles
7 articles
Efficient Ops
Aug 3, 2021 · Information Security

How a Compromised Server Was Hijacked: Inside the gpg-agentd Malware Attack

This article walks through a real‑world server breach where a disguised gpg‑agentd process was used to install backdoors, download malicious scripts, exploit Redis, and launch mass scans, and then offers concrete hardening steps to prevent similar compromises.

gpg-agentd, malware analysis, masscan
12 min read
ITPUB
Dec 4, 2020 · Information Security

Inside the gpg-agentd Malware that Hijacked an Alibaba Cloud Server

A detailed forensic walk‑through reveals how a disguised gpg-agentd binary compromised a CentOS server on Alibaba Cloud, using SSH key injection, malicious cron jobs, Redis abuse, and masscan scanning to spread and mine cryptocurrency.

Linux security, cron abuse, gpg-agentd
15 min read
Liangxu Linux
Dec 2, 2020 · Information Security

How a Hidden gpg-agentd Process Hijacked a CentOS Server and Spread via Redis and Masscan

A detailed forensic walkthrough reveals how a compromised CentOS server was hijacked via a disguised gpg-agentd process, leveraged cron jobs to download malicious scripts, abused Redis for persistence, and used masscan for rapid scanning, followed by practical security recommendations to harden servers and Redis instances.

Cron Jobs, gpg-agentd, malware analysis
14 min read
Efficient Ops
Nov 22, 2020 · Information Security

Unmasking the gpg‑agentd Malware: From Server Freeze to Full‑Scale Attack

This article walks through a real‑world compromise of an Alibaba Cloud server, detailing how a disguised gpg‑agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning with malicious scripts, and it concludes with practical hardening recommendations.

gpg-agentd, malware analysis, masscan
15 min read
Programmer DD
Aug 9, 2020 · Information Security

Inside the GPG‑Agentd Malware: How a CentOS Server Was Hijacked and Spread via Redis

A compromised CentOS server was frozen by Alibaba Cloud after malicious outbound traffic; the investigation uncovered a disguised gpg‑agentd process, malicious cron jobs downloading remote scripts, a Redis exploit that injected SSH keys, and mass‑scan tools, illustrating a sophisticated multi‑stage malware infection.

cron, gpg-agentd, information security
12 min read
ITPUB
Jun 17, 2019 · Information Security

How a Hidden gpg‑agentd Malware Hijacked a CentOS Server and Spread via Redis

A detailed forensic walk‑through shows how a compromised CentOS 6 server was infected by a disguised gpg‑agentd binary, how the attacker used cron jobs to pull malicious scripts, leveraged Redis write‑file vulnerabilities and masscan to scan the Internet, and provides concrete hardening recommendations.

Linux security, cron persistence, gpg-agentd
12 min read
Meituan Technology Team
Oct 26, 2017 · Information Security

External Network Port Monitoring: Evolution, Methods, and Best Practices

The article chronicles Meituan‑Dianping’s external network port monitoring evolution—from slow Python‑driven Nmap scans to a fast Masscan‑Nmap pipeline and real‑time traffic‑driven DPDK module—explaining black‑box scanning, white‑box analysis, best‑practice recommendations, and the critical role of continuous port visibility for security.

Security Operations, TCP SYN, masscan
13 min read