you can block connections from tor, the ssh keys must be replaced and of course, are you using a passphrase for them?
Regards, Em qua, 3 de abr de 2019 às 16:12, Zeb Packard <[email protected]> escreveu: > If you've got money go here: https://www.openbsd.org/support.html > > If you don't have money go ask here: http://daemonforums.org/ > > Generally, msp, isp, it requests don't go on this list. You've posted no > evidence - a big no no. You need a high level of forensic verification > before you bring this problem to the list. > > Good luck, > > Zeb > > On Wed, Apr 3, 2019 at 11:59 AM Cord <[email protected]> wrote: > > > Hi, > > I have some heavy suspect that my openbsd box was been hacked for the > > second time in few weeks. The first time was been some weeks ago, I have > > got some suspects and after few checks I have found that someone was been > > connected to my vps via ssh on a non-standard port using my ssh key. The > > connection came from a tor exit node. There were been 2 connections and > up > > since 5 days. Now I have some other new suspects because some private > email > > seems knew from others. Also I have found other open sessions on the web > > gui of my email provider, but I am abolutely sure I have done the logout > > always. > > I am using just chrome+unveil and I haven't used any other script or > > opened pdf (maybe I have opened 1 or 2 pdf from inside of chrome). I have > > used epiphany *only* to open the webmail because chrome crash. My email > > provider support html (obviously) but generally photo are not loaded. > > Ofcourse I have pf enable and few service. > > I also use a vpn and I visit very few web site with chrome.. maybe 20 or > > 25 website just to read news. Sometimes I search things about openbsd. > > Anyone could help me ? > > Cord. > > > > > > > > >
