Wasn't sure where this should be posted, as it's not quite support. More of a bug report / what does Fun Pimps want or need from me?
I normally shut down my 7 Days to Die server when not in use. The base VM continues, but the service is shut down. Today, I realized I'd forgotten to shut down the server... went to do it, and noticed that about 10 hours after I'd logged off, some weird activity showed up onscreen over a few days and last today.
I couldn't copy + paste out of the server console window and I couldn't find the respective logs for the event (if these are even logged?). I have a screenshot, but don't want to have to upload it in order to post it as a link in these forums.
Essentially, I saw this, 10 hours after I was done playing...
2021-11-06T10:04:30 45900.107 INF (GSM) GameSparks Disconnected
2021-11-06T13:28:32 58142.189 INF (GSM) GameSparks Connected
I didn't think anything of it, but the following lines were much sketchier. I saw the following IPs start and establish Telnet connections, along with one throwing an exception.
167.71.237.46
104.140.88.42
78.128.112.14
Now, I shouldn't have telnet accessible externally. I might have something enabled in the 7 Days to Die server config, but I'll have to check that. Regardless, I shouldn't have anything unexpected opened externally.
I checked my Splunk server for these IPs, but only found 2 logs: ControlChannel Open and Closed for FTP services on the VM I host my 7 Days to Die server from.
@Fun Pimps, please let me know if there is anything I should be checking or doing or providing to you guys. This on the surface to me indicates a security exploit in the server; even if enabled in a server config...as there should at least be some authentication. Thanks!
EDIT: Just to note, I restore from backups to before the first odd console entry. I do have a backup of the day after, but not from after the Telnet events were observed.
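An added example, not part of the original post and not Fun Pimps' code: a check of the server config mentioned above for an enabled Telnet console with a missing, placeholder or short password. The property names TelnetEnabled, TelnetPort and TelnetPassword are assumed to match the stock serverconfig.xml; the sample config, the weak-password list and the length threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, not taken from the post. Property names are
# assumed to match the stock serverconfig.xml of the dedicated server.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<ServerSettings>
  <property name="ServerPort" value="26900"/>
  <property name="TelnetEnabled" value="true"/>
  <property name="TelnetPort" value="8081"/>
  <property name="TelnetPassword" value="CHANGEME"/>
</ServerSettings>"""

# Constructed list of values treated as "no real password".
WEAK = {"", "changeme", "password", "admin"}


def load_properties(xml_text):
    """Return {name: value} for every <property> element in the config."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.get("value") or "") for p in root.iter("property")}


def audit_telnet(xml_text, min_len=12):
    """Return a list of (severity, port, message) findings for the Telnet console."""
    props = load_properties(xml_text)
    if props.get("TelnetEnabled", "false").strip().lower() != "true":
        return []  # console disabled in this config: nothing to report
    port = props.get("TelnetPort", "unknown")
    password = props.get("TelnetPassword", "").strip()
    if password.lower() in WEAK:
        return [("high", port, "Telnet enabled with an empty or placeholder password")]
    if len(password) < min_len:
        return [("medium", port, "Telnet enabled with a short password")]
    # Even with a strong password the port should not be reachable from the internet.
    return [("info", port, "Telnet enabled; confirm the port is blocked at the firewall")]


if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise audit the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for severity, port, message in audit_telnet(text):
        print(f"[{severity}] port {port}: {message}")
```

Run it with the path to the server's own serverconfig.xml as the argument; any finding means the Telnet port also needs checking against the VM's firewall and any router port forwards.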