My VPN Server has been hacked

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
darwin.ranzone
Posts: 8
Joined: Wed Jul 15, 2020 2:38 pm

My VPN Server has been hacked

Post by darwin.ranzone » Wed Jul 15, 2020 2:46 pm

Hi, my VPN server has been hacked.
It seems the attacker tapped into the OpenVPN module.
I could not determine exactly how he was able to get in.
His login attempts do not show up in the user list, nor does his VPN traffic.

I have also enabled security logs, but nothing from OpenVPN seemed to go there when he got in.
I really wanted to know what user he used (if he even used one of the users).

I was able to block his attack in my firewall, but I was curious: it seems they have an exploit they can use against the OpenVPN module.

I have also gathered all the logs to find out how this attacker is getting in.
Any suggestions on how to find this out?

sky59
Posts: 477
Joined: Tue Sep 11, 2018 5:58 pm

Re: My VPN Server has been hacked

Post by sky59 » Sat Jul 18, 2020 6:17 am

I made my server 100000000% resistant against any attack.

I use an Orange Pi Zero that uses an SD card as system medium.
I installed everything I needed - SE server.
But I copy everything into the /tmp folder, which is in RAM, during boot.
My SD card is PERMANENTLY LOCKED; even I myself cannot do anything about it.

Yes, no more changes are possible, only to change the SD card with new code.

If you want to be even more f*cking-off-possible-attackers, you can use a hardware watch based switch and, say, at 03:00 you can reboot your server by hard-switching it off/on - no risk of damaging the SD card, it is locked!

So if any attacker managed to install something into the RAM system at night, it is gone! :) I am sure then it is not of interest to any attackers any more :-)
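
The boot-time staging described in the post above, as an added example that is not part of the original post or of SoftEther's own code: the script copies the server into RAM only after confirming that the source is mounted read-only and the destination is on tmpfs. The paths `/opt/vpnserver` and `/tmp/vpnserver`, the `MOUNTS` override, and the assumption that the locked SD card is also mounted read-only are illustrative choices, not details from the thread.

```shell
#!/bin/sh
# Added example: stage a read-only install into RAM at boot.
# SRC, DST and the MOUNTS override are assumptions, not from the thread.
SRC="${SRC:-/opt/vpnserver}"      # assumed install dir on the locked SD card
DST="${DST:-/tmp/vpnserver}"      # working copy under /tmp (RAM)
MOUNTS="${MOUNTS:-/proc/mounts}"  # overridable so the checks can be tested

# Print "fstype options" for the mount that holds path $1
# (longest matching mount point; a later entry shadows an earlier one).
mount_info() {
    awk -v p="$1" '
        p == $2 || $2 == "/" || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); out = $3 " " $4 }
        }
        END { print out }' "$MOUNTS"
}

is_tmpfs() {
    [ "$(mount_info "$1" | cut -d" " -f1)" = "tmpfs" ]
}

# True only for a real "ro" option; "errors=remount-ro" does not count.
is_readonly() {
    case ",$(mount_info "$1" | cut -d" " -f2)," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Copy SRC to DST only when both properties the scheme relies on hold.
stage_to_ram() {
    is_readonly "$SRC" || { echo "refusing: $SRC is writable" >&2; return 1; }
    is_tmpfs "$DST"    || { echo "refusing: $DST is not on tmpfs" >&2; return 1; }
    rm -rf "$DST" && mkdir -p "$DST" && cp -a "$SRC/." "$DST/"
}

# Run from a boot script as: stage.sh run
# (assumes the SoftEther server binary, vpnserver, sits in SRC)
if [ "${1:-}" = "run" ]; then
    stage_to_ram && exec "$DST/vpnserver" start
fi
```

If the source turns out to be mounted read-write, or `/tmp` is on disk rather than tmpfs, the nightly reboot no longer guarantees a clean state, which is why the script refuses to start in either case.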

darwin.ranzone
Posts: 8
Joined: Wed Jul 15, 2020 2:38 pm

Re: My VPN Server has been hacked

Post by darwin.ranzone » Sat Jul 18, 2020 5:02 pm

Interesting ideas, thanks for that.
After further investigation I think I was not hacked, but I was definitely under attack.
The brute force attempt against my OpenVPN daemon cost me a few dozen gigabytes of traffic,
but I have blocked everything now and it is all good.
It turns out I was confused about being hacked, so false alarm!!

darwin.ranzone
Posts: 8
Joined: Wed Jul 15, 2020 2:38 pm

Re: My VPN Server has been hacked

Post by darwin.ranzone » Sat Jul 18, 2020 5:05 pm

After further investigation, it turns out I was not hacked.
The brute force attempts to hack my server cost me a few dozen gigabytes of traffic, though.
But as for the hacking, it seems it was a false alarm.

Thanks for your tips on securing the VPN server
