Tag

Server Security

Raymond Ops
Dec 26, 2024 · Information Security

How to Detect and Recover from a Linux Server Intrusion: A Step‑by‑Step Guide

This article details a real‑world Linux server breach, describing the symptoms, investigative commands, log analysis, malicious script removal, file attribute unlocking, and practical remediation steps, while highlighting key lessons and preventive measures for future security.

Intrusion Detection · Linux · Rootkit Removal
16 min read

Efficient Ops
Nov 25, 2024 · Information Security

Uncovering the gpg-agentd Malware: How an Alibaba Cloud Server Was Compromised

This article walks through a real-world intrusion on an Alibaba Cloud CentOS server, detailing how a disguised gpg-agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning, and provides concrete hardening recommendations to prevent similar attacks.

Server Security · linux incident response · malware
13 min read

Architect's Guide
Jun 5, 2024 · Information Security

How to Block Foreign IP Addresses in Nginx Using the ngx_http_geoip2 Module

This guide explains step‑by‑step how to install the GeoIP2 library, compile Nginx with the ngx_http_geoip2 module, download the MaxMind GeoLite2 database, configure Nginx to map country codes, and block non‑Chinese visitors by returning a 404 response.

GeoIP2 · IP blocking · Linux
8 min read

DevOps Operations Practice
May 3, 2024 · Information Security

Top Antivirus Solutions for Linux Systems

This article reviews several leading cross‑platform antivirus products—Avast, ESET NOD32, F‑PROT, ClamAV, Comodo, and Sophos—highlighting their features, Linux compatibility, and considerations for securing servers while noting that proper security practices may reduce the need for constant antivirus deployment.

Linux · Malware Protection · Server Security
5 min read

Efficient Ops
Aug 15, 2023 · Information Security

How I Recovered a Compromised Linux Server: Step‑by‑Step Incident Response

This article details a real‑world Linux server intrusion, describing the observed symptoms, the forensic investigation using commands like ps, top, last, and grep, the removal of malicious cron jobs and backdoors, and the lessons learned for securing SSH, file attributes, and cloud security groups.

Linux · Rootkit · SSH
15 min read

Java Captain
Mar 7, 2023 · Information Security

Server Intrusion Investigation and Remediation Steps

This article details a recent server intrusion case, describing the observed symptoms, possible causes, step‑by‑step forensic investigation using commands like ps, top, grep and crontab, and comprehensive remediation actions such as tightening SSH security, unlocking and restoring system binaries, removing malicious scripts, and key lessons for future protection.

Server Security · chattr · incident response
14 min read

Architecture Digest
Oct 8, 2022 · Information Security

Server Intrusion Investigation and Remediation Steps on a Linux Host

This article documents a real‑world Linux server compromise, detailing the observed symptoms, forensic commands, malicious scripts, file‑locking tricks, and a step‑by‑step remediation process including SSH hardening, cron cleanup, chattr usage, and preventive security recommendations.

Intrusion Detection · Linux · Rootkit
15 min read

Java Captain
Sep 14, 2022 · Information Security

Server Intrusion Investigation and Remediation on a Compromised Linux Host

This article documents a recent Linux server compromise, detailing observed symptoms, investigative commands, discovered malicious scripts, and step‑by‑step remediation actions such as restricting SSH access, unlocking and restoring system utilities, removing malicious cron jobs, and hardening the system against future attacks.

Linux · Malware Removal · SSH
13 min read

Efficient Ops
Sep 13, 2022 · Information Security

How to Detect and Recover from a Linux Server Intrusion: A Step‑by‑Step Guide

This article details a real‑world Linux server compromise, describing the symptoms, possible causes, investigative commands, hidden malicious scripts, file attribute locks, and practical remediation steps to restore the system and improve future security.

Intrusion Detection · Linux · Rootkit
15 min read

php中文网 Courses
Aug 6, 2022 · Information Security

Building a Custom IP Filtering System for Public Servers with Automated Whitelisting

Facing constant port scans and malicious login attempts on a public server, the author outlines a self‑developed IP filtering solution that automatically adds trusted IPs to a whitelist, featuring multi‑process support, concurrency, daemon mode, a web management panel, traffic statistics, and interception logging.

IP filtering · Server Security · firewall
3 min read

Efficient Ops
May 4, 2022 · Information Security

How a SpringBoot Server Was Hijacked for Crypto Mining and What You Can Do

This article recounts a real‑world incident where a SpringBoot server was compromised by a crypto‑mining malware, details the malicious code and its actions, shows forensic traces left on the system, and provides step‑by‑step remediation and hardening recommendations.

Hardening · Server Security · SpringBoot RCE
12 min read

Architecture Digest
Dec 14, 2021 · Information Security

Implementing a Dynamic IP Blacklist with Nginx, Lua, and Redis

This guide explains how to build a dynamic IP blacklist using Nginx, Lua scripts, and Redis to block malicious or unwanted requests at the server level, covering architecture choices, installation steps, configuration details, and the benefits of a lightweight, shared, and easily updatable solution.

IP blacklist · Lua · Nginx
4 min read

Laravel Tech Community
Jul 2, 2021 · Operations

Blocking Foreign IP Access in Nginx with the ngx_http_geoip2 Module

This guide explains how to install the ngx_http_geoip2 module, upgrade Nginx, configure GeoIP2 databases, and modify the Nginx configuration to block requests from foreign IP addresses, providing step‑by‑step commands and example code for a Linux server.

GeoIP2 · IP blocking · Linux
8 min read

macrozheng
Nov 26, 2020 · Information Security

Recovering a Server Hijacked by a Crypto‑Mining Virus: My Step‑by‑Step Fix

After my small 1‑CPU, 2 GB server was compromised by a crypto‑mining virus that hijacked SSH access, I used VNC to investigate, identified malicious processes, traced infected files, removed cron jobs, restored system utilities, repaired SELinux, and closed the Redis vulnerability to fully recover the machine.

Linux · Redis vulnerability · SSH
10 min read