Unknown docker container installed

An unknown docker container named "modest_ardinghelli" was installed and pinned my server. I believe it was mining. I'm obviously concerned with how it got there. My server is not open to the internet. Any tips on how to secure things and prevent this from happening again would be appreciated. Attached is the log I pulled from the docker. unknown docker log.txt

By ihaveskittles, March 18, 2021
8 replies

What Squid said. Your logs are full of thousands of attempts to SSH (and sometimes Telnet) into your server. Looks like it was a successful bruteforce attempt via a botnet. Also you're right about the container, it's mining Monero. Not comprehensive and there's probably some better guides out there but just some suggestions based on your situation: Now that you know it's not isolated, make sure you isolate the server from the internet. Whether that takes putting i