I want to share logs and some traces.
911
Next time use spot instances.
Hacked how? Did you enable password auth and set up a stupid password?
Lol, how was it hacked? And what kind of EC2 (reserved, spot, on demand, etc.)?
I have a basic instance for which I pay roughly 25 USD a month. I don't know how they gained access but I feel they might have got root access either via some yum packages or via tomcat. I did try Let's Encrypt stuff in the last 4 days and that's the only thing I recollect.
Please enter your credit card account number below so that my Engineer can pull up your data account numbers and investigate this Very unfortunate accident. Thank you, Sir!
Here you go Jeff. 4112 7358 0521 9252. If you have further questions pm me.
Did you upload your private keys on GitHub? Try using Gcloud, it has better security features like no SSH key management.
How do you log in?
https://cloud.google.com/sdk/gcloud/reference/compute/ssh Basically the CLI has a wrapper over ssh which handles public/private keys per project. When you update a key pair, it automatically updates all VMs.
Actually I have the keys stored in my Dropbox folder and I use PuTTY with keys to log in.
The person who hacked my account installed some jobs under cron and was executing some programs under var/tmp folder with tomcat user permission. They were executing some shell script by making an HTTP call. Wow, seems like my server was accessed from every part of the world.
Either your kernel was extremely vulnerable or you had a messed-up permission setup. On a serious note, you still have basic support if you are not a business user. Just shut off the machine and tell them what had happened. Someone will reply back to you.
So the entry point was your tomcat? Did they get root or did they stay tomcat?
Jeff@amazon.com
My name is Jeff.
How can I be of service, Sir?