1 views collected around this technical thread.
This article walks through a real‑world server breach where a disguised gpg‑agentd process was used to install backdoors, download malicious scripts, exploit Redis, and launch mass scans, and then offers concrete hardening steps to prevent similar compromises.
This article walks through a real‑world compromise of an Alibaba Cloud server, detailing how a disguised gpg‑agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning with malicious scripts, and it concludes with practical hardening recommendations.
This article walks through a real‑world Linux server compromise, detailing the symptoms, forensic commands, rootkit discovery, attack vector via an Awstats vulnerability, and provides a comprehensive recovery checklist for securing the system.
After a routine morning, the author discovers an Alibaba Cloud server frozen due to malicious outbound traffic, then traces a sophisticated malware chain involving a disguised gpg-agentd process, malicious cron jobs, compromised SSH keys, Redis exploitation, and mass scanning, culminating in detailed forensic analysis and security recommendations.
This article details a multi‑stage server compromise that injected gambling pages, planted hidden accounts, deployed crypto‑mining software, and opened unnecessary ports, providing step‑by‑step forensic analysis, code inspection, emergency response actions, and indicators of compromise.