This is how a disclosure should be performed. Well done, and thank you for being honest to the Cardano community and helping the SPOs. I encourage each stake pool to think about layered defenses, not only from a trust boundary such as a port/firewall but also monitoring and logging. Please, SPOs, use things such as deception and alerting to identify malicious actors on your machines. Canary tokens are a great way to get an alert when a file is accessed or someone has cloned your website trying to impersonate you. This is a free service: https://canarytokens.org/generate, or if you would rather not click a link (this would be me), just google canary tokens and do some research on the subject.
Anyone have thoughts for the SPOs on using a honeypot node to see if there is malicious traffic specifically looking for relay/node architectures?
I’m interested in operating something like this and reporting to a close-knit group of SPOs on what kind of traffic/attacks are occurring.