My Yunohost VPS turned into a spambot

I’ve been running Yunohost on a Debian 8 VPS for several months, and it’s been great. A few days ago, I suddenly couldn’t access Yunohost, nor could I log in via SSH. SSH was set for key authentication, no password login, no root login, and on a non-standard port. Both my user and root passwords were 25 characters, randomly generated by KeePassX. The VPS admin said they’ve routed my IP to null because the VPS was being used to send spam. At this point, I don’t have SSH access except via the VPS management web interface.

Any ideas how to determine how they got access? Also, given I can’t ssh in, any ideas how to get my wallabag and etherpad data off the box (planning to wipe it and start over)?

Thanks!

EDIT: I’ve regained full SSH access, changed the authentication key, user/root/admin passwords, and SSH port. Indeed, /var/log/mail is filled with spam sends, e.g., Nov 13 11:40:10 [hostname] postfix/smtpd[30023]: connect from mx0b-00173b01.pphosted.com[67.231.156.88]. Stopping postfix seems to have halted things.

My hope is to pull my data, then start over. Problem is, sudo yunohost backup info shows “Error: Invalid backup archive” for all recent backups. Trying to create a new backup also fails because mariadb-server is down. I’ve been searching for hours and can’t figure out what’s wrong with maria…

It seems mariadb-server is stuck mid-upgrade. apt-get install -f results in:

Setting up mariadb-server-10.0 (10.0.28-0+deb8u1) …
dpkg: error processing package mariadb-server-10.0 (--configure):
subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mariadb-server:
mariadb-server depends on mariadb-server-10.0 (>= 10.0.28-0+deb8u1); however:
Package mariadb-server-10.0 is not configured yet.

dpkg: error processing package mariadb-server (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
mariadb-server-10.0
mariadb-server
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

Restarting mysql.service gives:

error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory")'

Can’t find mysqld.sock anywhere on the system.

Looking at /var/log/syslog shows a near constant stream:

Nov 13 17:13:32 [hostname] slapd[702]: <= mdb_equality_candidates: (sudoUser) not indexed
Nov 13 17:13:32 [hostname] slapd[702]: <= mdb_substring_candidates: (sudoUser) not indexed
Nov 13 17:13:32 [hostname] slapd[702]: <= mdb_equality_candidates: (cn) not indexed
Nov 13 17:13:32 [hostname] slapd[702]: <= mdb_equality_candidates: (sudoUser) not indexed

Running out of ideas.

tl;dr VPS hacked, mysql screwed: unable to backup Yunohost.

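Before wiping a box that was used to send spam, it is worth pulling a few numbers out of the Postfix log to see which path the mail took: the `smtpd ... connect from` lines in the post record sessions other hosts opened to this server, whereas mail injected locally by a web application shows up as `postfix/pickup` lines carrying the injecting uid (33 is www-data on Debian), and mail submitted with a stolen SMTP AUTH password shows up as `sasl_username=`. The POSIX shell script below is an added triage example, not something from the original thread or from Yunohost; the log lines, hostnames and addresses in it are constructed samples in the standard Postfix syslog format (the first line mirrors the one quoted above), and the default path /var/log/mail.log is an assumption about a stock Debian install.

```shell
#!/bin/sh
# Added example (not from the original post): first-pass triage of a Postfix
# log on a host that started sending spam. Answers three questions before the
# box is wiped: who opened SMTP sessions to us, which local uid injected mail
# through pickup (uid=33 is www-data on Debian, i.e. a web app), and which
# SASL users submitted mail. All log content below is constructed.

# Constructed sample log in Postfix syslog format; the first line mirrors the
# line quoted in the post.
SAMPLE_LOG='Nov 13 11:40:10 host postfix/smtpd[30023]: connect from mx0b-00173b01.pphosted.com[67.231.156.88]
Nov 13 11:40:11 host postfix/smtpd[30023]: disconnect from mx0b-00173b01.pphosted.com[67.231.156.88]
Nov 13 11:40:12 host postfix/pickup[1201]: 3F2A1C0: uid=33 from=<www-data>
Nov 13 11:40:12 host postfix/cleanup[1300]: 3F2A1C0: message-id=<1@host>
Nov 13 11:40:13 host postfix/smtp[30100]: 3F2A1C0: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 13 11:40:14 host postfix/smtpd[30024]: connect from unknown[198.51.100.7]
Nov 13 11:40:14 host postfix/smtpd[30024]: 4A1B2C1: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice
Nov 13 11:40:15 host postfix/smtp[30101]: 4A1B2C1: to=<b@example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1, status=bounced (550 spam)
Nov 13 11:40:16 host postfix/pickup[1201]: 5B2C3D2: uid=33 from=<www-data>
Nov 13 11:40:17 host postfix/smtp[30100]: 5B2C3D2: to=<c@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1, status=deferred (421 try later)
Nov 13 11:40:18 host postfix/smtpd[30025]: connect from mx0b-00173b01.pphosted.com[67.231.156.88]'

# Remote hosts that opened inbound SMTP sessions, most frequent first.
# Output rows: "<count> <hostname>".   $1 = log file, $2 = number of rows
top_connecting_hosts() {
    sed -n 's/.*postfix\/smtpd\[[0-9]*\]: connect from \([^[]*\)\[.*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | head -n "${2:-10}" | awk '{print $1, $2}'
}

# Mail injected locally via sendmail(1)/pickup, grouped by the injecting uid.
# Output rows: "<count> uid=<n>"; many rows for uid=33 point at a web app.
local_injections() {
    sed -n 's/.*postfix\/pickup\[[0-9]*\]: [0-9A-F]*: \(uid=[0-9]*\) .*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Authenticated submissions per SASL user (a compromised mailbox password).
# Output rows: "<count> <username>".
sasl_submissions() {
    sed -n 's/.*sasl_username=\([^, ]*\).*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Outbound delivery outcomes from the smtp client (not smtpd): "<count> <status>".
delivery_status() {
    sed -n 's/.*postfix\/smtp\[[0-9]*\]: .*status=\([a-z]*\).*/\1/p' "$1" \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

triage() {
    echo "== inbound sessions by remote host ==";  top_connecting_hosts "$1" 10
    echo "== local injections by uid ==";          local_injections "$1"
    echo "== SASL submissions by user ==";         sasl_submissions "$1"
    echo "== outbound delivery status ==";         delivery_status "$1"
}

# Usage: sh triage.sh [/path/to/mail.log]. Assumed default: /var/log/mail.log
# on Debian. Falls back to the constructed sample when the file is unreadable,
# so the script runs stand-alone.
LOG="${1:-/var/log/mail.log}"
if [ ! -r "$LOG" ]; then
    LOG=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$LOG"
fi
triage "$LOG"
```

Read the four tables together: a flood of `connect from` rows with few `sasl_username` rows and no `uid=33` injections means the spam arrived over the network (an open relay or a brute-forced account shows up in the SASL table instead), while a pile of `uid=33` pickups with nothing interesting on the inbound side points at a compromised web application handing mail to the local sendmail binary. Run it against the real log copied off the box, not the live file, and keep the copy for the wipe-and-rebuild post-mortem.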

I’m sorry for what happened.

With so much personal info on our yunohost boxes I think the security of the system is sensitive.

I would like to know how they got in. I can’t really help you though as my security expertise is limited. I know there are tools to do forensic analysis and I hope other users can help you find out what happened.