My Debian box got hacked and had its data encrypted. I only had SSH, Nginx, PHP, MediaWiki and Rsync running on this. How do you think they got in? Is there a place to learn about how to harden this?
Thanks.
ssh bruteforce, or a vulnerability in something that may be out of date. be sure to have connection logs & fail2ban
>>59184191
Is there any point in fail2ban if I only use ssh keys?
>>59184237
I don't think so, since disabling username/password login would negate any bruteforce attempts
make sure you disable it though. some people enable key based authentication and forget to disable user/pass ability
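
Added example (not part of any post in this thread): a check for the case described in the post above, where key-based login is enabled but password login was never turned off. It reads the effective configuration in the format printed by `sshd -T`; the function name `audit_sshd` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Audit effective sshd settings for password-capable logins left enabled.
# Input: "keyword value" lines on stdin, as printed by `sshd -T`.
# Exit status: 0 if no password-type method is enabled, 1 otherwise.
audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        # keyboard-interactive can still prompt for a password through PAM,
        # so it is checked alongside PasswordAuthentication.
        key ~ /^(passwordauthentication|kbdinteractiveauthentication|challengeresponseauthentication)$/ && val == "yes" {
            bad[++n] = key
        }
        key == "pubkeyauthentication" { pubkey = val }
        END {
            # Warn before someone disables passwords with no key login to fall back on.
            if (pubkey != "yes") print "WARN pubkeyauthentication is not enabled"
            for (i = 1; i <= n; i++) print "FAIL " bad[i] " yes"
            if (n == 0) print "OK password logins disabled"
            exit (n > 0)
        }'
}

# Constructed sample: keys enabled, but password login forgotten.
SAMPLE_WEAK='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: key-only login.
SAMPLE_HARDENED='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd

# On a real host, as root: sshd -T | audit_sshd
```

Checking `sshd -T` output rather than grepping `sshd_config` catches settings pulled in from included files and compiled-in defaults.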
Reinstall the OS. Restore your data from backups. Run ssh and other security holes in containers or VMs.