i opened my ssh port to do work remotely and in less than 24hrs, it got hacked.
i think the hacker got hold of my root password and setup a mining client on it.
it consumes the entire network and cpu ..
had to shut down.. he ran some kind of xmrig (c3pool)
I traced the ip he used to 54.36.15.99
But it look like it is some kind of mesh node coz the c3pool is in china?
anyway, not going to waste my time...lesson learn use strong password and don't expose ssh port on default ports
Good reference: https://www.securitynewspaper.com/2020/05/01/how-to-check-if-your-linux-server-is-hacked-or-not/
