This seems relevant: https://blog.netspi.com/stealing-unencrypted-ssh-agent-keys-from-memory/
On Wed, Apr 3, 2019 at 2:33 PM R0me0 *** <knight....@gmail.com> wrote:

> you can block connections from tor, the ssh keys must be replaced and of
> course, are you using a passphrase for them?
>
> Regards,
>
>
> On Wed, Apr 3, 2019 at 16:12, Zeb Packard <zeb.pack...@gmail.com> wrote:
>
> > If you've got money go here: https://www.openbsd.org/support.html
> >
> > If you don't have money go ask here: http://daemonforums.org/
> >
> > Generally, msp, isp, it requests don't go on this list. You've posted no
> > evidence - a big no no. You need a high level of forensic verification
> > before you bring this problem to the list.
> >
> > Good luck,
> >
> > Zeb
> >
> > On Wed, Apr 3, 2019 at 11:59 AM Cord <openbs...@protonmail.com> wrote:
> >
> > > Hi,
> > > I have a heavy suspicion that my openbsd box has been hacked for the
> > > second time in a few weeks. The first time was some weeks ago; I had
> > > some suspicions, and after a few checks I found that someone had
> > > connected to my vps via ssh on a non-standard port using my ssh key.
> > > The connection came from a tor exit node. There were 2 connections,
> > > up for 5 days. Now I have some new suspicions because some private
> > > email seems to be known to others. Also I have found other open
> > > sessions on the web gui of my email provider, but I am absolutely
> > > sure I have always logged out.
> > > I am using just chrome+unveil and I haven't used any other script or
> > > opened any pdf (maybe I have opened 1 or 2 pdfs from inside chrome).
> > > I have used epiphany *only* to open the webmail because chrome
> > > crashes. My email provider supports html (obviously) but generally
> > > photos are not loaded.
> > > Of course I have pf enabled and few services.
> > > I also use a vpn and I visit very few web sites with chrome.. maybe
> > > 20 or 25 websites just to read news. Sometimes I search things about
> > > openbsd.
> > > Could anyone help me?
> > > Cord.