Long planned holiday – you’re on your way, you don’t have a reliable internet connection at hand – and exactly then the worst things happen.
Got my server shut down due to an abuse message of my email service. Of course I did not recognise the problem, because I was not at home. I only got an email from my provider.
I immediately checked the logs through my smartphone (!) and deactivated the compromised test account on my email service, but that did not prevent the server from being shut down, because the queues of the postfix daemon were full of spam mails to be sent.
Well, learned something the hard way: Never forget to get rid of test accounts with too simple passwords.
After one and a half weeks I finally managed to be back home to get a statement letter out to the post office for the reactivation of my server.
First moves after reactivation: checking all logs, removing possible entrances, clearing mailboxes, installing fail2ban and other tools to prevent future brute force login attacks.
Last but not least: Searching for more monitoring possibilities when I’m somewhere out in the world, even with no internets…
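An added example, not part of the original post: a log check of the kind that would surface this incident early, flagging SASL accounts that submit unusually many messages or log in from many addresses, and client IPs with repeated failed logins. The sample lines are constructed in the Postfix smtpd syslog format, and the thresholds and function names are assumptions to tune per server.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
Aug  3 02:10:01 mail postfix/smtpd[2101]: 3A1B2C0D4E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=test
Aug  3 02:10:02 mail postfix/smtpd[2102]: 3A1B2C0D4F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=test
Aug  3 02:10:02 mail postfix/smtpd[2101]: 3A1B2C0D50: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=test
Aug  3 02:10:03 mail postfix/smtpd[2103]: 3A1B2C0D51: client=unknown[192.0.2.99], sasl_method=LOGIN, sasl_username=test
Aug  3 02:10:04 mail postfix/smtpd[2102]: 3A1B2C0D52: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=test
Aug  3 08:30:15 mail postfix/submission/smtpd[2200]: 3A1B2C0D60: client=home.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Aug  3 01:55:10 mail postfix/smtpd[2090]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  3 01:55:12 mail postfix/smtpd[2090]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  3 01:55:14 mail postfix/smtpd[2090]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  3 01:55:16 mail postfix/smtpd[2090]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  3 07:01:40 mail postfix/smtpd[2150]: warning: unknown[192.0.2.60]: SASL PLAIN authentication failed: UGFzc3dvcmQ6
"""

# A message accepted from an authenticated client: queue id, client IP, SASL user.
AUTH_OK = re.compile(r"postfix/\S*smtpd\[\d+\]: [0-9A-Za-z]+: client=\S*\[(?P<ip>[^\]]+)\], "
                     r"sasl_method=\S+, sasl_username=(?P<user>\S+)")
# A failed SASL login attempt, keyed by client IP.
AUTH_FAIL = re.compile(r"postfix/\S*smtpd\[\d+\]: warning: \S*\[(?P<ip>[^\]]+)\]: SASL \S+ authentication failed")

def summarize(log_text):
    """Return (per-account submission stats, per-IP failed-login counts)."""
    sent = defaultdict(lambda: {"messages": 0, "ips": set()})
    failures = defaultdict(int)
    for line in log_text.splitlines():
        ok = AUTH_OK.search(line)
        fail = AUTH_FAIL.search(line)
        if ok:
            sent[ok["user"]]["messages"] += 1
            sent[ok["user"]]["ips"].add(ok["ip"])
        elif fail:
            failures[fail["ip"]] += 1
    return sent, failures

def flag(sent, failures, max_messages=3, max_ips=2, max_failures=3):
    """Thresholds are assumptions sized for the sample; raise them for real traffic."""
    accounts = sorted(u for u, s in sent.items()
                      if s["messages"] > max_messages or len(s["ips"]) > max_ips)
    sources = sorted(ip for ip, n in failures.items() if n > max_failures)
    return accounts, sources

if __name__ == "__main__":
    print(flag(*summarize(SAMPLE_LOG)))
```

Run from cron against the mail log and wired to an out-of-band alert, a check like this reports the abused account before the queue fills.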