We have tons of PBXs hosted in the cloud. Never had an issue. This system is locked down by IP with very strong passwords, but yet today we got the BillGates bot.
BillGates is malware designed primarily for Linux, and since it is a botnet, it is mostly used for DDoS purposes.
I have been told they need root access to even install this. Anyone know how this happens? We removed everything and had no issues, but want to prevent this, obviously.
Yes, it’s locked down by IP, that’s why I’m lost. We had all the files mentioned in my link, which is how we knew, and the GUI was down because Apache wouldn’t start, etc. We had it.
SSH login failures and successes are logged in /var/log/secure. If the events have not been rotated away, you might find evidence there, but if you’ve had a root level exploit you can’t fully trust any log on the system.
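One way to carry out the /var/log/secure review suggested in the reply above, added here as an example and not posted by anyone in the thread: it lists successful SSH logins from addresses outside the intended allow-list, together with how many failures that address logged beforehand. The log lines and the `ALLOWED` network are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the sshd format written to /var/log/secure.
SAMPLE_LOG = """\
Mar  3 02:11:07 pbx sshd[2101]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  3 02:11:09 pbx sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Mar  3 02:11:15 pbx sshd[2107]: Accepted password for root from 198.51.100.23 port 40188 ssh2
Mar  3 09:30:41 pbx sshd[3310]: Accepted publickey for root from 203.0.113.10 port 51514 ssh2
Mar  3 09:45:02 pbx sshd[3402]: Failed password for root from 203.0.113.10 port 51600 ssh2
"""

# Assumption: the networks the firewall rules are meant to let in.
ALLOWED = [ipaddress.ip_network("203.0.113.0/28")]

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def is_allowed(ip):
    """True if ip falls inside one of the ALLOWED networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # a hostname or garbage in the source field
        return False
    return any(addr in net for net in ALLOWED)

def review(log_text):
    """Return (logins from outside the allow-list, failure count per source)."""
    unexpected, failures = [], {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] = failures.get(ip, 0) + 1
        elif not is_allowed(ip):
            # Record how many failures preceded this successful login.
            unexpected.append((m["user"], ip, m["method"], failures.get(ip, 0)))
    return unexpected, failures

if __name__ == "__main__":
    unexpected, failures = review(SAMPLE_LOG)
    for user, ip, method, prior in unexpected:
        print(f"login outside allow-list: {user} from {ip} via {method}, "
              f"{prior} failed attempts before it")
    for ip, count in sorted(failures.items()):
        print(f"{count} failed attempts from {ip}")
```

Any entry in the first list means the IP restriction was not in effect for SSH at that time, or the login came through a path the restriction does not cover.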