codegen | 12y | 70 points | 21 replies
(Replying to PARENT post)
"no customer data was exposed during the attack"
How did you confirm that?
scoot | 12y | 0 points | 0 replies
(Replying to PARENT post)
This whole post reads like a "How Not to Use AWS" instruction guide.
If you're running anything important on a single EC2 instance, you're doing it wrong. If you're logging in and manually configuring an EC2 instance, you're also doing it wrong.
OptimusSubprime | 12y | 0 points | 0 replies
(Replying to PARENT post)
Clear and open about it. Good.
VaucGiaps | 12y | 0 points | 0 replies
(Replying to PARENT post)
Asked my team to review their Jenkins passwords and Jenkins user rights...
priitp | 12y | 0 points | 0 replies
(Replying to PARENT post)
"C source named backdoor.h"
Why would an attacker leave a file with that name? Seems like misdirection or a mistake. How are you going to verify they did nothing else?
ladzoppelin | 12y | 0 points | 0 replies
(Replying to PARENT post)
Was the original attack via Jenkins? All it says is that some vague privilege escalation was used to upload a C file. What?
waitwhat7 | 12y | 0 points | 0 replies
(Replying to PARENT post)
First of all, your stupid copy/paste script has completely broken copy-paste. When I copy, I get nothing except the spam you're trying to inject, so congrats on managing to piss me off right off the bat.
Second, why even list A, B, or C? Whoever thought running Jenkins as a passwordless sudo user shouldn't be doing sysops. Why was Jenkins even public facing? At worst, put it behind a VPN.
drivebyacct2 | 12y | 0 points | 0 replies
(Replying to PARENT post)
So... if the attacker had not deactivated SSH by accident, they would not have noticed?
OGC | 12y | 0 points | 0 replies
(Replying to PARENT post)
I see irony in the "getting hacked" part. But seriously, if he is more experienced, then why do they have machines unpatched like that for 6 months?
"it seems it was indeed a kid who did not understand how to install a proper rootkit and cover up his tracks"
It is rather bold to be posting about how you just got hacked by not applying simple patches, and to then bash the "kid" who couldn't install a proper rootkit.