Xiao Liu Lab
Feb 12, 2026 · Information Security
When fail2ban Became a Monero Miner: Detection, Removal, and Prevention
A temporary test server on Tianyi Cloud was compromised by a malicious XMRig miner masquerading as fail2ban, causing CPU usage to skyrocket. The article details how the intrusion was discovered, the forensic steps taken, and a comprehensive remediation and hardening guide to prevent similar attacks.
CPU Spike · Fail2Ban · Linux Security
9 min read
