I have a server with Arch Linux installed and for some reason, it gets infected after a period of inactivity. I reinstall, remain inactive for some time and it gets infected again. Every time I reinstall the server, I run a script that also installs the following:
With pacman:
- core/gcc
- extra/nginx
- extra/python-pip
- extra/python-django
- extra/postgresql
- community/python-psycopg2
- community/nodejs
- community/npm
With pip:
- uwsgi
Is it possible that after I install one of those, my server can get infected because of it? It has happened about 4 times now. The server installation is done by my provider, which I fully trust (they host other servers of mine and never had problems).
Another possibility could be that someone gained access to my server through my root login, which seems impossible since I've always checked the 'last login' whenever I log in, and it was always me (I wrote down every time I logged on).
After a while, the server starts a large DDoS attack.
Something that I get a lot as a response is "Reinstall the server, no other choice". That's where I get stuck, because I've done it already so many times, and I get the feeling my provider is really getting fed up with me "returning with this DDoS attack".