1. Caddy version (caddy version
):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
Installed from PPA following steps in:
a. System environment:
Ubuntu 20.04 in DigitalOcean (Fresh new droplet created on July 26th (Yesterday)
b. Command:
caddy start after setting up the Caddyserver file
somesite.com {
# Set this path to your site’s directory.
tls somemeial@gmail.com
root * /var/www/somefolder
# Enable the static file server.
file_server
encode gzip zstd
# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080
# Or serve a PHP site through php-fpm:
try_files {path} {path}/index.php
php_fastcgi localhost:9000
# Refer to the Caddy docs for more information:
# The Caddyfile — Caddy Documentation
@cachedFiles {
path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff
}
header @cachedFiles Cache-Control max-age=5184000
}
Before running caddy I installed php7.4 and php7.4-fpm and then configured the www.conf file so it uses the port 9000 to listen. After that I ran caddy with the Caddyfile configuration above.
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.
d. My complete Caddyfile or JSON config:
Paste config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.
3. The problem I’m having:
4. Error messages and/or full log output:
After the above, about 1 to 2 hours after install the bitcoin miner kinsing started.
5. What I already tried:
Currently this happened before in Digitalocean with other tools installed, but this is the first time I have gotten to only doing very few things:
- Create the digitalocean droplet using Ubuntu 20.04
- Installed php7.4 and php7.4-fpm
- Installed caddy from PPA
- Configured Caddyfile and started the service
That was all. Is kinsing able to use or infect golang now?