This morning I woke up to an email from DigitalOcean saying they have scanned my host and on port 8080 was botnet.

"We are writing to let you know that your Droplet tyrelsouza.com at 138.197.14.67 is a Command & Control server part of a botnet."

UGH. This is not what I wanted to have to deal with today.

My first steps were to shut down all php things (the issue is with heysrv.php in EVERY directory). Then I ran find / -name heysrv.php -delete to delete all the files. After this, I decommissioned my pixelfed instance …