We've had four customers affected by this incident due to a staff error in our Debian 11 system image for a user named "a" with a weak password. Debian 10 and Centos 7 images appear to be unaffected, but users are advised to check for themselves. Current Debian 11 mirrors have removed this user.
solution
1. Delete the user with the username "a".
2. Enable fail2ban (maybe not work).
3. Reinstall your system.
4. Change to a non-standard ssh port.
5. Turn off password login.
We apologize for that!
