I'd think twice before declaring victory; I don't see any reason to believe that the server is now "clean". If this had happened to me, I'd spin up a new VPS, configure it appropriately, then install my app and migrate any needed data. What I wouldn't do was continue running on an instance that had been exploited and assume I'd successfully cleaned it up.
Agreed, particularly when he's already admitted this was the second time.
However I still praise him for not only taking time to investigate how the breach happened, but also to blog about it so we can all benefit from the experience.
The author answered that criticism in the comments to the Reddit post.
> And you're right, I don't know and it's probable that they left something else. I'll probably need to nuke the server and rebuild, but I wanted to have a better idea of how I could improve my situation in the future. And I believe that exposing what I did and how I did, the community would be of a assistance.
I praise his curiosity for actually digging the problem and trying to understand how he got his server hacked. It makes a much better post than: I nuked my installation, and installed everything from scratched crossing my fingers that this will never happen again in the future.
