tl;dr:“One of my servers suddenly deciding to start sending SSH connections to the wider internet. This is usually a pretty strong indicator of malware compromise, and I had to act quickly if that was the case. Luckily, I’ve worked in infosec for a while, and some years ago I even did some freelance work doing forensics and cleanup of infected servers.”