Somewhat funny/interesting story about being hacked.
I run a Linux server on an old OLD laptop next to me. It was an XP machine before, obviously skipping Vista and running 7. It was done with that 10 years ago, so Linux server it became. I’ve found laptops make the best home servers: low power, built-in UPS, screen, keyboard, quiet, but unfortunately completely gutless. I route my incoming router traffic into it. I used to run a couple of things on it that I would sometimes need to access from outside my home network. Just fun stuff, like giving friends copies of TV shows (from the public domain of course) who didn’t have the ability to torrent. Nothing important.
Anyway, one day I sit down and my laptop fan next to me is absolutely fizzing and hot to touch. Odd. Check Webmin. CPU 100%. Not great. Check the processes and Google it. It’s a crypto miner. No one else online was complaining about the CPU burning though, just a silent achiever in the background.
I check the user it’s running on. ‘Oh that’s right’ I think to myself. A 3 letter user with a 1 noun password. I was meant to delete that.. ssl, ftp and un-chrooted. Yep this is a reinstall, and I deserve that. But springs back good as new.
It got me thinking though, why was my CPU burning? Whereas everyone else’s was more of a background process? From my previous experience with mining, if you try hashing on a system whose RAM is smaller than that crypto’s ledger it’s pointless and runs hot. All the sys-admins commenting about the process are likely running machines with hundreds of GB of RAM.
Not me though, no sir. Sometimes the best defensive security is to run a machine so garbage that even the virus doesn’t have the resources to run properly.
I like to call this “Security Through Obsolescence”. I feel like malware research companies should include a “minimum system requirements” in their write-ups so I can know whether or not it’s something that I have to actually worry about.
Thanks for the story (and hopefully that laptop didn’t have unfettered access to the rest of your network or share any creds with the router!)