XOR DDOS Linux based
While doing some daily reading, I came across this widespread botnet targeting Linux boxes:
https://www.stateoftheinternet.com/resources-web-security-threat-advisories-2015-xor-ddos-attacks-linux-botnet-malware-removal-ddos-mitigation-yara-snort.html
"The malware spreads via Secure Shell (SSH) services susceptible to brute-force attacks due to weak passwords." The write-up details how to find it on your system and how to remove it.
Prevention tips:
- Turn off root login
- Change SSH to a different port
- Use a strong password
- If baked into your flavor, don't turn off SELinux
If you have more tips, please add them.
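Three of the tips above (root login, SSH port, SELinux) can be checked from config files. This is an added example, not part of the original post: a shell script that reads an sshd_config and an /etc/selinux/config-style file passed as arguments. The function names and sample files are constructed for illustration, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: check config files against the prevention tips in the post.

# Print every global value of an sshd_config keyword, one per line.
# Keywords are case-insensitive; parsing stops at the first Match block.
# Include files and ListenAddress host:port forms are not evaluated.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        { gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print the SELINUX= mode from an /etc/selinux/config-style file.
selinux_mode() {  # usage: selinux_mode FILE
    [ -r "$1" ] || { echo missing; return 0; }
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); m = tolower($2) }
             END { print (m == "" ? "missing" : m) }' "$1"
}

# Print one finding per line; the return status is the number of findings.
audit_tips() {  # usage: audit_tips SSHD_CONFIG SELINUX_CONFIG
    n=0
    # For PermitRootLogin sshd keeps the first value it reads.
    # Assumed default when unset: prohibit-password (OpenSSH 7.0 and later).
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ -n "$root" ] || root=prohibit-password
    # Port may be repeated and sshd listens on all of them; default is 22.
    ports=$(sshd_values "$1" Port)
    [ -n "$ports" ] || ports=22
    [ "$root" = "no" ] || { echo "root login not off: PermitRootLogin $root"; n=$((n + 1)); }
    if echo "$ports" | grep -qx 22; then echo "sshd listens on default port 22"; n=$((n + 1)); fi
    [ "$(selinux_mode "$2")" != "disabled" ] || { echo "SELinux is disabled in $2"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample input (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 2222' 'port 22' 'permitrootlogin yes' \
    'PermitRootLogin no' 'Match User backup' '    PermitRootLogin no' > "$demo_dir/sshd_config"
printf '%s\n' 'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$demo_dir/selinux"
audit_tips "$demo_dir/sshd_config" "$demo_dir/selinux" || echo "findings: $?"
```

On a real host, run `audit_tips /etc/ssh/sshd_config /etc/selinux/config`. Password strength cannot be judged from these files.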