How to check if my DietPi was hacked

The IP of my DietPi is listed on abuseipdb.com

This IP address has been reported a total of 151 times from 88 distinct sources.

How to check if I have been hacked?

Could you explain your setup a little?
Where is the dietpi running? Inside your home, in a data center?
Does it have a public IPv4 or IPv6? Does the IP belong to the wan interface of your router? Or maybe you are behind CGNAT? Is that the IP you saw in the abusedb?

Internet in my home, public IPv4, the IP of my router is in abusedb

It was my fault

  • DietPi was in the DMZ, all ports open to the internet
  • weak root password
  • installed Webmin

Someone added a new user with root rights (I just checked /etc/passwd)

How to block root login in OpenSSH and DropBear?

dropbear -h
...
-w              Disallow root logins
...
-s              Disable password logins
-g              Disable password logins for root
...
-p [address:]port
                Listen on specified tcp port (and optionally address),
                up to 10 can be specified
                (default port is 22 if none specified)
...

Then edit /etc/default/dropbear and add them to DROPBEAR_EXTRA_ARGS.
It is advised to create SSH keys for login and use them, then to disable password logins.

For sshd, edit /etc/ssh/sshd_config:

...
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
2 Likes
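
The two checks from this thread as a script, added here as an example and not written by anyone in the thread: it lists extra UID 0 accounts in a passwd file and reports whether the global sshd_config values match the settings advised above. It assumes "root rights" means UID 0 in /etc/passwd; the function names, the sample account `sysupd` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the two things discussed in this thread.
# All file contents below are constructed samples, not data from the thread.

# Names of accounts other than "root" whose UID (field 3) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Global value of an sshd_config keyword. sshd uses the first value it
# reads, and lines after a "Match" line are conditional, so stop there.
# Include files are not followed; `sshd -T` prints the effective config.
sshd_setting() {
    awk -v key="$1" '{
        sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/)
        if (tolower(f[1]) == "match") exit
        if (tolower(f[1]) == tolower(key)) { print tolower(f[2]); exit }
    }' "$2"
}

# Print findings; return 1 if there are any.
audit() {
    rc=0
    for u in $(uid0_accounts "$1"); do
        echo "FINDING: extra UID 0 account: $u"; rc=1
    done
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_setting "$key" "$2")
        [ "$val" = "no" ] || { echo "FINDING: $key is '${val:-unset}', want 'no'"; rc=1; }
    done
    return $rc
}

# Constructed sample files: a planted UID 0 user and a weak sshd_config.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dietpi:x:1000:1000::/home/dietpi:/bin/bash
sysupd:x:0:0::/root:/bin/bash
EOF
cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PubkeyAuthentication yes
Match Address 192.168.0.0/24
    PasswordAuthentication no
EOF
audit "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/sshd_config" || echo "host needs attention"
```

On a real system, call `audit /etc/passwd /etc/ssh/sshd_config` as root; the sample `PasswordAuthentication no` is reported as unset because it sits inside a `Match` block and does not apply globally.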