Attacks from a VPS

Hello

Now we are getting some more information. And this SSH access, is it locked down with only SSH keys, or does the SSH server also accept username and password?

Is the SSH locked down to only allow the customer's IPs?

And is SSH to the Proxmox server locked down, and does it allow only SSH keys, or can you log in with a username and password? If the Proxmox host was compromised, then all VMs on that host should be vetted. But in this case it was only 1 VM, so that seems unlikely.
Proxmox server and customer's virtual server SSH was open to WAN with username and password.
 
That is the main issue because the SSH server is open to anyone and is protected with only username and password.

That means that if the password was not rotated yearly or every 6 months and it was not a secure password.
My guess is that the guest SSH credentials were hacked.

This needs to be locked down to prevent further issues, and implement SSH keys for SSH, lock down SSH for clients' servers to only their IPs, etc.
 
Okay, thanks. I will disable password access and they will use SSH keys. It might be the problem. Also, I don't have a proper firewall. Now I am placing an OPNsense firewall server before the main server. I will make Proxmox access etc. for my IP. If you have any other tips, I am open to hear them.
 
Depending on the host, some have their own firewall settings. (Proxmox has its own built-in firewall for VMs.)
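
An added example, not part of the thread: a shell check that reads the effective sshd settings printed by `sshd -T` and flags the password-based logins the replies identify as the main issue. The function name `audit_sshd` and both sample inputs are constructed for illustration; restricting SSH by source IP is a firewall matter and is not checked here.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag password-based SSH logins in the
# effective sshd configuration, i.e. the "keyword value" lines from `sshd -T`.
# On a real host, as root:  sshd -T | audit_sshd

audit_sshd() {
    # stdin: `sshd -T` output. stdout: one FAIL line per weak setting.
    # Exit status: 0 = nothing flagged, 1 = at least one finding.
    awk '
        function val(k, dflt) { return (k in seen) ? seen[k] : dflt }
        { seen[tolower($1)] = tolower($2) }
        END {
            bad = 0
            # OpenSSH defaults apply when a keyword is absent from the input.
            if (val("passwordauthentication", "yes") != "no") {
                print "FAIL passwordauthentication: password logins accepted"; bad = 1
            }
            # Keyboard-interactive (PAM) can still prompt for a password;
            # older releases call it challengeresponseauthentication.
            kbd = val("kbdinteractiveauthentication", val("challengeresponseauthentication", "yes"))
            if (kbd != "no") {
                print "FAIL kbdinteractiveauthentication: keyboard-interactive logins accepted"; bad = 1
            }
            if (val("permitrootlogin", "prohibit-password") == "yes") {
                print "FAIL permitrootlogin: root login is not restricted to keys"; bad = 1
            }
            if (val("pubkeyauthentication", "yes") != "yes") {
                print "FAIL pubkeyauthentication: key logins are disabled"; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample inputs (not captured from any real host).
sample_open='passwordauthentication yes
kbdinteractiveauthentication no
permitrootlogin yes
pubkeyauthentication yes'

sample_keys_only='passwordauthentication no
kbdinteractiveauthentication no
permitrootlogin prohibit-password
pubkeyauthentication yes'

printf '%s\n' "$sample_open" | audit_sshd || echo "=> password logins still possible"
printf '%s\n' "$sample_keys_only" | audit_sshd && echo "=> keys only"
```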