Hello. I was the OP (and the victim of some malicious activity) in the topic here.
So, I wanted to harden my security so I won't have to suffer from something like that issue again. So, here is what I did so far:
- Changed the SSH port. I know this one does not have that much of an effect, but I see a dramatic reduction of attacks in the logs.
- I still have password login with my SSH password, but now I am using 2FA with Google Authenticator.
- Enabled ufw and left only the SSH port open. The rest of the applications are reached behind a reverse proxy.
- There is absolutely zero port binding with the Docker containers, as port bindings break the port rules defined by ufw. All tunneling works within a separate Docker network.
- All apps are behind an authentication process. Each app has its own 'hard' password with symbols, lower and upper case letters and numerals, at least 12 characters long.
- The only app that has access to Docker management is Portainer.
What else can I do? Are those bullets enough to prevent the history from re-occurring?
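Two of the bullets above (password login plus Google Authenticator 2FA, and no Docker port bindings because they bypass ufw) are easy to get subtly wrong, so here is an audit script for them. This is an added example, not code from the original poster: it checks an sshd_config for a non-default port and for sshd itself requiring a PAM keyboard-interactive step, and it lists every host-published port in a docker-compose file. It assumes pam_google_authenticator is already wired into /etc/pam.d/sshd (that side is not inspected), reads only short-syntax `ports:` entries, and all sample files are constructed inline so it runs offline.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Audits an sshd_config and a
# docker-compose file for the setup described above. Assumed and not checked:
# pam_google_authenticator is configured in /etc/pam.d/sshd.

# Effective global value of an sshd_config keyword. sshd takes the first
# occurrence, keywords are case-insensitive, and settings inside a Match
# block are conditional, so parsing stops at the first "Match" line.
sshd_opt() {  # $1 = config file, $2 = keyword
  awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[[:space:]]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
  ' "$1"
}

# Prints one FAIL line per finding; returns the number of findings.
audit_sshd() {  # $1 = sshd_config
  local cfg="$1" fails=0 port pam kbd methods alt
  port=$(sshd_opt "$cfg" Port); [ -n "$port" ] || port=22
  [ "$port" != 22 ] || { echo "FAIL: Port is the default 22"; fails=$((fails + 1)); }

  pam=$(sshd_opt "$cfg" UsePAM)
  [ "$pam" = yes ] || { echo "FAIL: UsePAM is not yes; the PAM OTP module never runs"; fails=$((fails + 1)); }

  # OpenSSH 8.7 renamed ChallengeResponseAuthentication to KbdInteractiveAuthentication.
  kbd=$(sshd_opt "$cfg" KbdInteractiveAuthentication)
  [ -n "$kbd" ] || kbd=$(sshd_opt "$cfg" ChallengeResponseAuthentication)
  [ "$kbd" = yes ] || { echo "FAIL: keyboard-interactive auth is off; PAM cannot prompt for the OTP"; fails=$((fails + 1)); }

  # AuthenticationMethods lists alternatives separated by spaces; each one is a
  # comma-separated chain that must succeed in full. Require keyboard-interactive
  # in every alternative so sshd, not only the PAM stack, enforces the second factor.
  methods=$(sshd_opt "$cfg" AuthenticationMethods)
  if [ -z "$methods" ]; then
    echo "FAIL: AuthenticationMethods unset; OTP enforcement is left to PAM alone"
    fails=$((fails + 1))
  else
    for alt in $methods; do
      case ",$alt," in
        *,keyboard-interactive,* | *,keyboard-interactive:pam,*) ;;
        *) echo "FAIL: alternative '$alt' never reaches keyboard-interactive"; fails=$((fails + 1)) ;;
      esac
    done
  fi
  return "$fails"
}

# Prints every host-published port (short-syntax entries under `ports:`) and
# returns their count. Docker programs its own DOCKER/DOCKER-USER chains into
# the iptables FORWARD chain, so a published port is reachable from outside
# regardless of ufw's INPUT rules; the clean fix is no `ports:` at all, with
# the reverse proxy joining the containers' docker network instead.
compose_published_ports() {  # $1 = docker-compose.yml
  awk -v q="'" '
    function indent(s) { match(s, /^[[:space:]]*/); return RLENGTH }
    /^[[:space:]]*#/ { next }
    inports && indent($0) <= pi { inports = 0 }
    inports && $1 == "-" { e = $2; gsub("[\"" q "]", "", e); print e; n++; next }
    $1 == "ports:" { inports = 1; pi = indent($0); next }
    END { exit n + 0 }
  ' "$1"
}

# Constructed sample inputs (not real configs).
WORK=$(mktemp -d)
cat >"$WORK/sshd_good" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication yes
UsePAM yes
AuthenticationMethods keyboard-interactive
EOF
cat >"$WORK/sshd_bad" <<'EOF'
# Port left at default; old keyword still accepted; first alternative is a bare password.
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
AuthenticationMethods password publickey,keyboard-interactive
EOF
cat >"$WORK/compose_good.yml" <<'EOF'
services:
  app:
    image: example/app
    networks: [internal]
  portainer:
    image: portainer/portainer-ce
    networks: [internal]
networks:
  internal: {}
EOF
cat >"$WORK/compose_bad.yml" <<'EOF'
services:
  app:
    image: example/app
    ports:
      - "8080:80"
      - 8443:443/tcp
  db:
    image: postgres
    ports:
      - '127.0.0.1:5432:5432'
EOF

for f in sshd_good sshd_bad; do
  printf '== %s ==\n' "$f"; audit_sshd "$WORK/$f" || printf '%s finding(s)\n' "$?"
done
for f in compose_good.yml compose_bad.yml; do
  printf '== %s ==\n' "$f"; compose_published_ports "$WORK/$f" || printf '%s published port(s)\n' "$?"
done
```

Run it against the real files with `audit_sshd /etc/ssh/sshd_config` and `compose_published_ports docker-compose.yml`; any output from the second is a port ufw is not protecting, and even a loopback-bound entry is printed so it can be reviewed deliberately.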