I’m looking for an experienced Linux incident response / sysadmin to help with a server issue.
A Linux server previously had an xmrig miner infection. Most artefacts have been removed, but something on the system is still intermittently attempting to download a miner script via wget.
The application code has been thoroughly checked and appears clean. This looks like a system-level persistence issue (cron, systemd service/timer, user-level service, SSH abuse, etc.).
What I’m looking for: • Identify and remove the persistence mechanism • Confirm whether there is any evidence of data access/exfiltration • Advise whether the server is safe to keep or if a rebuild is recommended
Context: • Ubuntu server • Node.js / Next.js app • PM2 • auditd already enabled • Sensitive app secrets will be rotated after the work
Credentials WILL be checked prior to work commencing
Moroccan Data Analytics Commercial Partner Category: Business Development, Business Strategy, Data Analytics, Data Management, Data Science, Data Visualization, Market Research, Sales Budget: $250 - $750 USD
Phaser Planet Drag-and-Drop Game Category: Adobe Flash, Audio Editing, CSS, Game Development, HTML, HTML5, JavaScript, Mobile Development Budget: $10 - $30 CAD
26 Mar 2026 22:51 GMT
Athlete Recruiting Digital Platform Development Category: Database Management, Full Stack Development, Graphic Design, HTML, PHP, UI / User Interface, Web Development, Web Design Budget: $4000 - $7000 USD
26 Mar 2026 22:50 GMT
Grabación y Edición Básica para Aranduka Category: Article Writing, Audio Editing, Content Creation, Content Writing, Copywriting, Ghostwriting, Video Editing, Video Production Budget: $120 - $200 USD
Engaging Instagram Reels Editing Category: After Effects, Color Grading, Instagram, Video Editing, Video Post Editing, Video Processing, Video Production, Video Services, Visual Effects Budget: €30 - €250 EUR
