How to avoid getting the crypto miner virus

Should you actually be compromised, the most important thing is to do is to do a comprehensive root cause analysis. See the canonical question on this topic: How do I deal with a compromised server? Look at what processes and technical controls failed, for every system. This will be time consuming, but worthwhile to not make those mistakes again.

Once you have lessons learned, yes rebuilding from a clean known good operating system is a reasonable thing to do.

• Update your software regularly. Operating system and application.
• Only install software from sources you trust. Beware that your software supply chain can be vulnerable to developers' weak opsec.
• Only grant users that you trust shells.
• Use ssh keys and disable passwords entirely.
• Pay attention to last login times that were not you or your team, or are outside your typical IP space.
• Monitor resource utilization, 100% CPU is bad.

And so on. There is more to security, but this hygiene stuff is a large part of it.

Some of EuroVPS's advice is flawed.

• IPv6 should be enabled.

  • Better to put proper controls in place than ignore v6, because it isn't going away.
  • It is infeasible for attackers to scan the entire address space like v4. They'll have to find your DNS like everyone else.
  • 30% of Google's global traffic is IPv6
  • IPv6 is faster than v4 in many networks

• Password complexity of alphanumeric special is obsolete. NIST 800-63B says allow very long passwords, disallow dictionary words and previous breach corpuses, but do not impose alphanumeric special requirements. The latter is easy for computers to crack, but difficult for humans to remember.

• I don't see the point of changing the ssh port. You can to avoid some of the brute force scanning noise. But it doesn't really matter if you secure your ssh keys, don't use passwords, and ban misbehaving IPs at the firewall.