I want to say "yes" but you should still try to change the default ports for any process open to the web. Just because they can't guess your ssh, doesn't mean they can't upload a root php script to your webserver which allows file uploads.
Just be as invisible as possible. Run nmap on your localhost with the defaults and see if anything is set to open. If so, change that port.
I think they were either computing crypto-hashes and passing on the results back home (via Tor), or they were using my machine to send out several ping/fetch requests over Tor to DDOS some unknown target machine.
The devil went down to Georgia and fiddled up a little kid.
Let's just say that theatre renditions willfully misconstrue the concept.
I have a small PC I use for exposing a private PC to the wider web via nginx proxy. It had two accounts on it: mine, and one I called "remote" with some basic password I set up to forward the proxy connection.
One day, this machine started making 100% CPU noises, for several hours. Wtf? I check the processes and a Tor node had been setup and was transmitting gigabytes to some Russian IP.
My brain goes into panic mode, I kill the process, wipe the remote user, and eventually pull the Ethernet plug.
I wish I hadn't wiped the user directory as I wanted to know what was being sent and where. Nonetheless the logs showed that several Russian IPs had been attempting an SSH brute force for literally months and one finally guessed "remote" and weak password I set for it.
I have decades of experience on Unix system, and I cringe having made such a rookie mistake.
Lesson learned: change the default SSH port to a transient port, have one dedicated SSH user with a non-standard username, and use auth-key entry only.
I still wonder what was being sent over that Tor node, and why it required all the CPU cores. My best guess is crypto mining, or it was used for a DDOS attack net somewhere.
Then the next employee gets the same deal, and the cycle of shit continues
"Run, you fools."
Urgh yeah I had one of those. A "small quick meeting" that makes you think they just want an informal update. Nope, its the getting fired talk. Still, turned out to be a blessing.
I've always found the dial 9 to get out thing a mistake waiting to happen, why not pound hash twice as the tone? How did manufacturers settle on 9 as the sane default
Urgh. I sadly do this all the time
Interactive rebase, amend the commit message for your commit, continue the rebase, and force push.
Thank heavens for Magit which simplifies this process.