Restore the server after the attack
The user writes:
“Good day! There is a server on CentOS 7. On December 11, after receiving from the host a list that my server began to brute-force its network,
after entering the server and seeing an unknown user, the program in Python I got by PID.
But I see that there were changes in /etc/sudoers, /etc/passwd was copied to /etc/passwd-, the right to remove that user is not even in the route, it writes some light to the beginning as if there is no place, and then still something...
I could have looked at it myself, until the moment when I began to feel that in such matters I lacked knowledge...
In the logs, list and listb are empty; more accurately, there are no logs... either there were none or someone lost them.
Please take care of the same way that I got to the server, conduct a security audit and restore the server’s workability.”
After the audit, it turned out to be faster and easier to create a new virtual machine and set everything up again. #docker and the container management and deployment components were installed, and all traffic was placed behind #Cloudflare and/or its competitors. Errors in the #Firewall were corrected and it was configured correctly. #ssh was secured.