Ransomware Attack on my Linux Web Server

During the 2017 WannaCry virus outbreak, I also seem to have had a ransomware attack on my Linux web server, which just goes to show that ALL operating systems are vulnerable. As I had a backup of all the websites AND emails that were on the server at the time, I 'only' had to rebuild the server stack. At that time I was using VestaCP as my web panel, and as it backs itself up, I was able to take the backup and store it elsewhere. The only downside was that the backup that did actually work was two weeks old.

For the websites this wasn't an issue; it just meant I lost two weeks' worth of emails, and as this was a personal server, all I really lost was Amazon receipts and a few personal emails! As of 2020 I no longer host my own emails onsite, as I now let the business do that on its external rented cloud server!

Email Server turned into a spam bot – thus blacklisting my static IP address and Domain

Only two weeks after sorting out the ransomware attack, I found that my server had become a spambot. The issue here is, of course, that once a static IP address is compromised, so are any domain names attached to it. I hardened my server with the help of sites like MXtoolbox and fixed all the issues they flagged, and by also using sites like Mail Tester over the course of a few weeks, I was able to turn my server from a completely blacklisted server into a verified whitelisted email server.

Also bear in mind that this server was hosted at home over a business broadband ISP, so I knew the risks of undertaking such a project. But without this and the ransomware attack, I wouldn't have learned the lessons on hardening a web or email server!

Had a hacker lurking around my business!

For whatever reason, I had a hacker going around the company site, a few other sites, and a few places on my onsite server. I was able to harden the company's web server and block that country from it. I was also able to hide the OS and the type of web server it was running. As a precautionary measure, I threw away the static IP addresses that were connected onsite, as well as the domain names; my ISP were happy to oblige, giving me a new stack of IP addresses.

Needless to say, if you do SSH to a Linux server, it is always best NOT to use admin or root as a username but something different, or, if you can't, a random password that would take aeons to break. Thankfully I use a mixture of both!
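Two of the hardening steps mentioned above, hiding what web server is running and not letting SSH accept root or password logins, come down to a handful of config directives that are easy to get subtly wrong. The script below is an added example, not the author's own setup and not code from this site: it audits an sshd_config and an Apache httpd.conf for those settings. The web server is assumed to be Apache (the post does not say which one was in use), the sample config files it writes are constructed for the demo, and the `AllowUsers deploy` name is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config and an
# Apache httpd.conf for the settings discussed above. Sample configs below
# are constructed for the demo; "deploy" is a placeholder username.

# sshd uses the FIRST matching keyword, so a hardening line appended to the
# end of sshd_config is silently ignored if an earlier line sets the keyword.
sshd_directive() {   # $1 = file, $2 = keyword
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Apache uses the LAST occurrence of a directive in the same scope.
apache_directive() { # $1 = file, $2 = directive
    awk -v key="$2" 'tolower($1) == tolower(key) { val = $2 } END { print val }' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Print the weak sshd settings found (empty output means hardened).
# Missing keywords fall back to OpenSSH defaults: prohibit-password still
# lets root log in with a key, so only an explicit "no" passes.
audit_sshd() {
    root=$(sshd_directive "$1" PermitRootLogin); [ -n "$root" ] || root=prohibit-password
    pass=$(sshd_directive "$1" PasswordAuthentication); [ -n "$pass" ] || pass=yes
    findings=""
    [ "$(lower "$root")" = no ] || findings="$findings PermitRootLogin=$root"
    [ "$(lower "$pass")" = no ] || findings="$findings PasswordAuthentication=$pass"
    printf '%s\n' "${findings# }"
}

# Print the Apache settings that leak OS / version details (empty = hidden).
# Defaults when absent: ServerTokens Full, ServerSignature Off.
audit_apache() {
    tokens=$(apache_directive "$1" ServerTokens); [ -n "$tokens" ] || tokens=Full
    sig=$(apache_directive "$1" ServerSignature); [ -n "$sig" ] || sig=Off
    findings=""
    case $(lower "$tokens") in
        prod|productonly) ;;
        *) findings="$findings ServerTokens=$tokens" ;;
    esac
    [ "$(lower "$sig")" = off ] || findings="$findings ServerSignature=$sig"
    printf '%s\n' "${findings# }"
}

# Constructed sample configs; prints the directory they were written to.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/sshd_weak.conf" <<'EOF'
# Fresh-install style: root allowed, passwords allowed
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# Appended later, but sshd keeps the first value above
PermitRootLogin no
EOF
    cat > "$dir/sshd_hard.conf" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers deploy
EOF
    cat > "$dir/httpd_weak.conf" <<'EOF'
ServerTokens Full
ServerSignature On
EOF
    cat > "$dir/httpd_hard.conf" <<'EOF'
ServerTokens Full
# Apache takes the last value, so this override does take effect
ServerTokens Prod
ServerSignature Off
EOF
    printf '%s\n' "$dir"
}

samples=$(make_samples)
for f in sshd_weak sshd_hard; do
    printf '%s: %s\n' "$f" "$(audit_sshd "$samples/$f.conf")"
done
for f in httpd_weak httpd_hard; do
    printf '%s: %s\n' "$f" "$(audit_apache "$samples/$f.conf")"
done
rm -r "$samples"
```

On a real host, `sshd -T` prints the effective configuration after all first-match and `Match` block rules have been applied, which is the value worth checking rather than the file itself. `ServerTokens Prod` trims the `Server:` header to `Apache` and `ServerSignature Off` removes the version footer from error pages; neither changes what a fingerprinting tool can infer from behaviour, so treat them as removing the free giveaway, not as hiding the server.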

Moving away from paid software licences to Free and Open Source Licences

During the 2020 pandemic, I, like a lot of businesses, had to tighten the purse strings. I was using Office 365, Adobe Photoshop and Magix Vegas video editing, to name a few of the paid licences I had. As at the time of writing I am now paying the company's bills, I made the decision to move everything to Free and Open Source Software. Here is what I was using, and what I have now changed over to…

  • OneDrive: NextCloud
  • Windows 10: Linux Mint
  • Office 365 (offline): Libreoffice
  • Office 365 (online): CODE Server, running through NextCloud
  • Adobe Photoshop: Gimp
  • Magix Vegas: Kdenlive
  • Notepad++ (not strictly licenced/closed source but running on just Windows!): Xen (what I have used for this site!)