by doguozkan 3920 days ago
I think monitoring your outgoing traffic would give you a clue. Also, if what I read on Ars is correct, this botnet preys on weak root passwords, so disabling remote root or using keys would be great ways to protect yourself against this botnet.
1 comments

This! And also, in sshd_config, disable password-based authentication. But first, make sure that key-based authentication works ;)
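
The checks the two comments describe, as an added example that is not part of the thread: a small audit of sshd_config text for root login, password authentication and key authentication. The function names and the sample config are constructed for illustration; it reads global directives only and does not follow Include files.

```python
# Added example, not code from the thread. Defaults below follow sshd_config(5)
# for current OpenSSH (assumption: older releases may differ).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def global_settings(config_text):
    """Effective global values: sshd keeps the FIRST value seen per keyword."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key=value" is also valid
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]    # keywords are case-insensitive
        if key == "match":           # Match blocks can override per user/host
            has_match = True
            break
        seen.setdefault(key, value)  # later duplicates are ignored by sshd
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}, has_match

def audit(config_text, key_login_verified):
    """Return (findings, ok_to_disable_passwords) for the thread's advice."""
    s, has_match = global_settings(config_text)
    findings = []
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: use 'no' or 'prohibit-password'")
    if s["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: passwords can be guessed remotely")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: enable it before anything else")
    if has_match:
        findings.append("Match block present: review its overrides by hand")
    # Only switch passwords off once a key login was tested in a second session.
    ok = s["pubkeyauthentication"] == "yes" and key_login_verified
    return findings, ok

# Constructed sample: the second PasswordAuthentication line has no effect.
SAMPLE = """\
# constructed sshd_config fragment
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, key_login_verified=False)[0]:
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and `sshd -t` validates the file before a reload.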