...
- changing the root password
- using tcpwrappers (hosts.allow / hosts.deny)
- firewalling ssh while leaving any other services accessible
Attribution
None so far.
Deducing the hacker's nationality from the network location of the bitcoin master server (China) seems compelling, but may well be completely wrong. During the investigation, we have seen command traffic from several different countries. Any of the machines involved, including the bitcoin master server, may itself have been hacked, which would turn the alleged attacker into a victim. Therefore, we strongly recommend against jumping to conclusions.
Truth is: We don't know who or where the hackers are.
Contact and Feedback
ACOnet-CERT welcomes feedback, preferably by e-mail to cert@aco.net. If you are aware of other sites covering this topic, please let us know.
...