microdao-daarion

daarion-admin/microdao-daarion

Fork 0

Commit Graph

Author	SHA1	Message	Date
Apple	21691aa042	docs: document Security Incident #2 - recurring container compromise Security Incident #2 Emergency Response (Jan 9, 2026): - Documented second compromise with NEW crypto miners (softirq, vrarhpb) - Root cause: Docker image auto-restarted after server reboot - Emergency mitigation completed (processes killed, container/images removed, load normalized) - Created comprehensive rebuild task document: TASK_REBUILD_DAARION_WEB.md - Updated INFRASTRUCTURE.md v2.3.0 with Incident #2 timeline and lessons learned - Updated infrastructure_quick_ref.ipynb v2.2.0 with security status Critical Changes: - daarion-web container permanently disabled until secure rebuild - Docker images DELETED (not just container stopped) - Enhanced firewall rules (SSH rate limiting, port scan blocking) - Retry test registered with Hetzner - System load normalized: 30+ → 4.19 - Zombie processes cleaned: 1499 → 5 Files Created/Updated: 1. TASK_REBUILD_DAARION_WEB.md - Detailed rebuild instructions for Cursor agent 2. INFRASTRUCTURE.md - Added Incident #2 to Security section 3. docs/infrastructure_quick_ref.ipynb - Updated security status and version Lessons Learned: - ALWAYS delete Docker images, not just containers - Auto-restart policies are dangerous for compromised containers - Complete removal = container + image + restart policy change Status: Emergency mitigation complete, statement submission pending (deadline: 2026-01-09 12:54 UTC) Hetzner Incident ID: 10F3971:2A (AbuseID) Co-Authored-By: Warp <agent@warp.dev>	2026-01-09 02:08:13 -08:00

Author

SHA1

Message

Date

Apple

21691aa042

docs: document Security Incident #2 - recurring container compromise

Security Incident #2 Emergency Response (Jan 9, 2026):
- Documented second compromise with NEW crypto miners (softirq, vrarhpb)
- Root cause: Docker image auto-restarted after server reboot
- Emergency mitigation completed (processes killed, container/images removed, load normalized)
- Created comprehensive rebuild task document: TASK_REBUILD_DAARION_WEB.md
- Updated INFRASTRUCTURE.md v2.3.0 with Incident #2 timeline and lessons learned
- Updated infrastructure_quick_ref.ipynb v2.2.0 with security status

Critical Changes:
- daarion-web container permanently disabled until secure rebuild
- Docker images DELETED (not just container stopped)
- Enhanced firewall rules (SSH rate limiting, port scan blocking)
- Retry test registered with Hetzner
- System load normalized: 30+ → 4.19
- Zombie processes cleaned: 1499 → 5

Files Created/Updated:
1. TASK_REBUILD_DAARION_WEB.md - Detailed rebuild instructions for Cursor agent
2. INFRASTRUCTURE.md - Added Incident #2 to Security section
3. docs/infrastructure_quick_ref.ipynb - Updated security status and version

Lessons Learned:
- ALWAYS delete Docker images, not just containers
- Auto-restart policies are dangerous for compromised containers
- Complete removal = container + image + restart policy change

Status: Emergency mitigation complete, statement submission pending (deadline: 2026-01-09 12:54 UTC)

Hetzner Incident ID: 10F3971:2A (AbuseID)

Co-Authored-By: Warp <agent@warp.dev>

2026-01-09 02:08:13 -08:00

1 Commits