Hi, I would firstly like to apologize to developers as the question I am about to ask has little to do with OpenBSD. However, in my experience the number of security conscious people lurking on this mailing list is such that I could not resist.
Long story short one of my virtual servers (running Red Hat) got hacked by cryptomining folks. I noticed 100% load on CPUs coming out of a cron job and traced everything to a cryptomining scripts. Sure enough there was an ssh-key .ssh/authorized_keys which was not suppose to be there. Incidentally, I had to turn off Duo 2-factor authentication as one of my users insisted on having GUI access via X2go-client. I am not much of a security expert so my instinct is that account was compromised by scooping account information from a browser cash or my "smart" phone while reading email from Office 365. I have log files and I am going through them. Browser cash problem hopefully will be offset now when I have 2-factor enabled for Office 365 email and using only browser on my locked down OpenBSD desktop. However, that still leaves me with a damn Android smartphone. I already deleted/disabled email clients but the more I look the more I feel stupid for having that crap. I am looking now at purchasing something like Nokia 106. Note that I use one of USA T-Mobile plans and my current smartphone works well across the globe. It looks like Nokia 106 doesn't work in Europe. I would appreciate any advises, comments, suggestions on the choice of mobile device for basic phone calls and texting. It would be painful to carry around a small laptop for web browsing, maps, and few other useful things but it looks like I am heading there. Thanks for your help. Predrag Punosevac
