My VPS Hacked
So today I noticed one of my VPS was constantly timing out since UptimeRobot was spamming my email so I decided to log into it.
I never used this VPS for anything for the past few months, it was just a fresh OS Install.
Here is a screen shot of the **last **command
I was surprised to see a strange IP, 18.104.22.168
Turns out its' from China http://www.ip-adress.com/ip_tracer/22.214.171.124
the cpe788 logins are me.
My VPS was infected for the past few days and it was being used for DDOS attacks for the past few days
I'm now 17TB over my quota.
As far as I can tell, theres a file called b26 in /root which is probably the DDOS Script.
I was not using a weak password, I generated my password for all users from this link.