I dont understand how my linux server got hacked? the ssh key was also compromised. I have switched the server off and plan to reinstall a new linux distribution. I also changed my profile password of linode. Do I need to do anything else to protect my self again? Thanks for reading.
Linode has a great guide for locking down your server, if you don't do anything else at a bare minimum do this (<a href="https://www.linode.com/docs/security/securing-your-server" rel="nofollow">https://www.linode.com/docs/security/securing-your-server</a>).<p>I can remember many many moons ago I got hacked too so I know the feeling. If you don't have mission critical stuff, this can be a good thing though, makes you learn how to lock down your servers.<p>Besides locking down your SSH config, Fail2Ban is nice, and be sure to set your iptables so your only accepting packets you want. Also here's a list of other things I usually do:<p>1. Depending on your distro there's usually a way to install automatic security updates, in debian its called unattended upgrades (<a href="https://wiki.debian.org/UnattendedUpgrades" rel="nofollow">https://wiki.debian.org/UnattendedUpgrades</a>)<p>2. Install logwatch to keep yourself periodically updated with whats going on.<p>3. Control your packages. If you don't need services make sure your box is clean of them. Basically, for every service you have on the machine thats one more possible attack point, so just use the ones you know you need.<p>4. In your firewall ignore icmp_echo and icmp_echo_ignore_broadcasts if you can. There's also other stuff you can do in sysctl and with SELinux but I've never really had the need.
Hey, that's a bummer. I've been in the same situation about a year ago (I thought I had done a reasonable job of securing my instalation but they hacked my web application through a vulnerability in jboss)<p>I blogged about it and posted on reddit. Lot's of people gave me useful feedback (checkout this link <a href="http://www.reddit.com/r/programming/comments/1vo7zv/kids_this_is_story_of_how_i_met_my_vps_hacked/" rel="nofollow">http://www.reddit.com/r/programming/comments/1vo7zv/kids_thi...</a>)<p>I'd recommend (as others have said here) disabling password login via SSH (only keys), disable root login, installing fail2ban, update the system regularly, setup firewall to close ports that don't need to be open.
did your server had any type of website running ? such as open source projects installed ? any services or ports running and available to the outside world. Did you have a website running with code you wrote?<p>Out of the box a fresh ubuntu server is pretty secure so you had to install something that exposed some type exploitable code and that's how they got access to your machine.