What's amazing to me is that you can't pay someone $8 to find weaknesses in your system that let people mine crypto for free, but people are happy to do it and mine $8 in crypto before they get shut down. I don't really understand it.
What surprised me about this incident was how many script kiddies are out there. The sophistication of the attacks was so low. Very poor opsec (using compromised machines as jump boxes, but still logging into the site with their desktop browser with no VPN or Tor), very poor understanding of attack tools (LD_PRELOAD to make certain processes not show up in "ps", except we don't use a dynamically-linked binary to do that, so it has no effect), etc. I feel like I never converse with that type of person on HN, so I just forgot they existed.
I kind of assumed that whole field of specialization died off when people started getting aggressively prosecuted for this sort of thing, but apparently not. If anything, the crypto craze has really increased the demand for hacked Linux systems. I was very surprised to see thousands of compromised machines on major cloud providers attacking us, as well as a long tail of tiny hosting companies that I assumed didn't exist in the world of Linode and Digital Ocean. Like you can get a server in a rack somewhere and sell it to someone, and there are customers that buy that service. Mind blown!