User account on helen.ls.net hacked.

Submitted by tarvid on Fri, 03/10/2017 - 11:41

I backup all user files from "helen" nightly. I found a suspect file in one directory. It came from a hacked Microsoft IIS server in Indonesia. That doesn't mean the culprit is Indonesian merely that a server in Indonesia was compromised by someone somewhere. Both Google and Microsoft rated the IP as "safe". 

I archived the file and changed the user password. The goal is to end password logins and replace them with "public keys". That is going to be disruptive - think repeal and replace.