Hetzner server got hacked within 3 weeks?

I had a message from Hetzner abuse today saying that there is malware on my server.

Does anyone have any tips to protect my server in the future? I know this is a whole technical area that would take me months to learn, but does anyone have a list of the basics I need to do on my server to ensure as much as possible is covered? Then I can research the things you mention and implement them.

I saw a lot of people recommending Hetzner here but didn’t realise how much you needed to do to secure it haha

I have been using multiple private vps over the last 4 years and not once have I had it hacked.

So without writing a long long reply…

Security 101 - this applies to every PC and not just a server as well

  • Don’t click on links you don’t know
  • Don’t download/open files you haven’t checked using virustotal
  • Don’t run scripts/apps you are not 100% sure have no malicious script (a python script wouldn’t flag up in the antivirus but it could have a backdoor which you wouldn’t know about)
  • Use antivirus - Bitdefender, NOD32, Kaspersky - all cost less than $50 per year and will protect you even if you don’t follow all of the above (most likely; it’s possible that some malicious scripts can slip through its filters, but unlikely if you keep it up to date)

edit: oh and almost forgot - have a long secure password for your VPS including the CAPS, lower, 123 and !$%^. Ideally 10+ characters as VPS are often targeted to be cracked and used for blackhat stuff like carding etc.

Thanks. Just installed some antivirus & made my password extra long. Do you use all 3 antivirus?

I also noticed that there was no lockout period when inputting the wrong password X times, so I incorporated that too.

I believe that if you use all at the same time that could lead to issues of them blocking each other when finding a file etc. I believe @BruceSilduk just wanted you to have a choice of antivirus software.

No, just pick one and use it. But not all are equal - Malwarebytes for example is very popular but it is known not to pick up as much as say Bitdefender or NOD32 would. But then again, antivirus is there to be an extra layer of security; as long as you’re cautious you won’t need to worry about getting malware in the first place.

And yes, this is a very known vulnerability issue with VPS systems, I don’t think any of them come with the bruteforce as default.

However, a decent password will keep you safe for very long :smiley: I keep my passwords like this:
and it would take this long to bruteforce it :smiley:

Now let’s pick something like most users pick
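The lockout the OP added (a ban after X wrong passwords, which the reply above notes VPS images don't ship by default) can be illustrated as detection logic over log lines. This is an added example, not code from the thread or any poster: it parses a constructed sshd auth-log excerpt and applies the N-failures-inside-a-window rule that lockout tools such as fail2ban use. The log lines, the documentation-range IPs, the assumed year and the 5-in-10-minutes threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log excerpt (not from the thread); IPs are documentation-range placeholders.
SAMPLE_AUTH_LOG = """\
Jan 19 11:20:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 19 11:20:03 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jan 19 11:20:04 vps sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jan 19 11:20:06 vps sshd[1207]: Failed password for root from 203.0.113.7 port 51052 ssh2
Jan 19 11:20:09 vps sshd[1209]: Failed password for root from 203.0.113.7 port 51060 ssh2
Jan 19 11:25:10 vps sshd[1301]: Failed password for alice from 198.51.100.23 port 40122 ssh2
Jan 19 11:25:40 vps sshd[1303]: Accepted publickey for alice from 198.51.100.23 port 40130 ssh2
Jan 19 13:30:00 vps sshd[1401]: Failed password for root from 192.0.2.44 port 33001 ssh2
Jan 19 13:31:00 vps sshd[1402]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

# Matches the standard sshd "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(log_text, year=2021):
    """Yield (timestamp, ip, user) per failed-password line; syslog omits the year, so one is assumed."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def find_lockouts(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time_of_lockout} for sources reaching max_failures failures inside a sliding window.
    A source is locked once and then ignored; a single typo by a legitimate user never trips the rule.
    """
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    lockouts = {}
    for ts, ip, _user in parse_failures(log_text):
        if ip in lockouts:
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_failures:
            lockouts[ip] = ts
    return lockouts

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_AUTH_LOG).items():
        print(f"{ip} would have been locked out at {when:%Y-%m-%d %H:%M:%S} UTC")
```

On the sample, only 203.0.113.7 (five failures in eight seconds) trips the default rule; lowering the threshold to 2 also catches the slow attempts from 192.0.2.44, while the one failed attempt followed by a successful key login from 198.51.100.23 never does.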

You don’t need an antivirus on a server :see_no_evil:
You control everything that is happening there.

Maybe @schoko can help you out.

What was the exact message?


Dear Sir or Madam,

from trusted external sources, CERT-Bund received information on
IP addresses geolocated in Germany which are most likely hosting
a system infected with malware.

Please find below a list of affected systems on your
network. Each record includes the IP address of the affected system,
a timestamp (UTC) and the name of the related malware family.
If available, the record also includes the source port, destination IP,
destination port and destination hostname for the connection most
likely triggered by the malware to connect to a command-and-control

Most of the malware families reported here include functions for
identity theft (harvesting of usernames and passwords) and/or
online-banking fraud.

Then it says some malware types and my IP:

| Timestamp (UTC) | Malware family | Source port | Destination IP | Destination port | Destination hostname | Protocol |
|---|---|---|---|---|---|---|
| 2021-01-19 11:27:58 | nivdort | 53242 | | 80 | dutyunder.net | tcp |
| 2021-01-19 11:21:03 | zeus | 52812 | | 80 | 1ga4nc5aazlojtcevyxsuv4je.com | |
| 2021-01-19 11:21:18 | zeus | 53348 | | 80 | 463edacb9247.com | |