Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
That is a good point; the sshd_conf should be locked down.
Password authentication should be turned off immediately. Shell keys should be used; otherwise _YOU HAVE ZERO SECURITY_.
I love Poloniex and Busoni, Angela, all of them, but seriously guys, a wallet server that you do not own, that means the host always has root access.
Either you own the server and co-locate, which isn't happening right now, or someone else owns the server and co-locates and you rent it from them, which is what is happening right now.
They will ALWAYS have a backdoor into the server, they have to since they own it. I work for a webhost and this is exactly how we (and all others) have to do it.
So, you need to turn off password authentication in sshd_conf, and turn off root login too. Set up an account in the wheel group (su privileges) and create shell keys for that user. Log in to that user with your shell keys and su to root. Your host will have to do the same thing if they log in for tech support.
I hope this helps.
Well, that's a good start, but seriously, the entire internet shouldn't be able to get that far; that's what firewalls are for. The firewall should have SSH access locked to only the IPs of personnel who should be accessing it.
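As an added example (not code from the thread or from Poloniex), the script below ties together the two recommendations above: the sshd_config hardening steps (no password authentication, no root login, key-based login for an admin user) and the firewall allowlist for SSH. It audits an sshd_config file for those settings and emits an nftables ruleset that admits TCP/22 only from listed admin addresses; nftables, the file paths and the 203.0.113.x addresses are assumptions and constructed sample values, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audits an sshd_config for the
# settings described above (no password auth, no root login, key-based
# auth) and emits an nftables ruleset that limits SSH to an admin
# allowlist. File paths and IP addresses below are constructed samples.

# Print the first effective value of a keyword in an sshd_config file,
# lowercased. sshd uses the first occurrence of a keyword, so later
# duplicates do not override it. Match blocks and Include files are not
# followed here; check those separately.
sshd_setting() {
    cfg="$1"
    key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
    awk -v key="$key" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        tolower($1) == key { print tolower($2); exit }
    ' "$cfg"
}

# Return 0 if the config matches the hardening described in the post,
# otherwise print each finding and return 1.
audit_sshd_config() {
    cfg="$1"
    rc=0
    [ "$(sshd_setting "$cfg" PasswordAuthentication)" = "no" ] \
        || { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    # The post says to turn root login off entirely, so the OpenSSH
    # default of prohibit-password is treated as a finding too.
    [ "$(sshd_setting "$cfg" PermitRootLogin)" = "no" ] \
        || { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    pk="$(sshd_setting "$cfg" PubkeyAuthentication)"   # default is yes
    [ -z "$pk" ] || [ "$pk" = "yes" ] \
        || { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    # Caveat: with PAM, keyboard-interactive auth can still prompt for a
    # password even when PasswordAuthentication is no, so it has to be
    # disabled as well (older releases call the keyword
    # ChallengeResponseAuthentication).
    kbd="$(sshd_setting "$cfg" KbdInteractiveAuthentication)"
    [ -n "$kbd" ] || kbd="$(sshd_setting "$cfg" ChallengeResponseAuthentication)"
    [ "$kbd" = "no" ] \
        || { echo "FAIL: keyboard-interactive auth is not 'no'"; rc=1; }
    return "$rc"
}

# Emit an nftables ruleset (an assumed firewall; the thread names none)
# that accepts TCP/22 only from the admin addresses given as arguments,
# logs and drops every other SSH attempt, and leaves other traffic to
# the existing policy. Load it with: nft -f ruleset.nft
ssh_allowlist_ruleset() {
    printf 'table inet filter {\n'
    printf '  set ssh_admins {\n    type ipv4_addr\n    elements = { '
    sep=""
    for ip in "$@"; do
        printf '%s%s' "$sep" "$ip"
        sep=", "
    done
    printf ' }\n  }\n'
    printf '  chain input {\n'
    printf '    type filter hook input priority 0; policy accept;\n'
    printf '    tcp dport 22 ip saddr @ssh_admins accept\n'
    printf '    tcp dport 22 log prefix "ssh-denied " drop\n'
    printf '  }\n}\n'
}

# Demonstration on two constructed configs: a distro-style default that
# still allows passwords, and a hardened one.
weak="$(mktemp)"
hard="$(mktemp)"
printf '#PasswordAuthentication yes\nPermitRootLogin prohibit-password\n' > "$weak"
printf 'PasswordAuthentication no\nPermitRootLogin no\nPubkeyAuthentication yes\nKbdInteractiveAuthentication no\n' > "$hard"
for f in "$weak" "$hard"; do
    if audit_sshd_config "$f"; then echo "$f: hardened"; fi
done
ssh_allowlist_ruleset 203.0.113.10 203.0.113.11
rm -f "$weak" "$hard"
```

The audit deliberately flags the OpenSSH default `PermitRootLogin prohibit-password`, because the post asks for root login to be off entirely and for admins to `su` from a keyed wheel account. The `log prefix "ssh-denied "` rule gives the defender a record of connection attempts from outside the allowlist, which is the kind of signal that was missing in the incident being discussed.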