Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#345846 - 20/06/2011 07:29 Stupid security screw up
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
I discovered last night some script kiddie has had access to one of my servers for the last six months

They seem to have only been using it to run poker apps and logging into PayPal (they had also turned off automatic Windows updates and created their own admin user, neither of which I had noticed).

Still, not good, I feel violated.

I've been trying to puzzle out how they broke in, I've just realised how.

The server is virtual and was based on an old Win2k3 VMWare image that I inherited from a colleague. The administrator password was very stupidly set to a dictionary word, we used the same admin password on all throw away images.

I never log into it as admin so I'd forgotten that. I'd never worried about the password as that server isn't exposed to the Internet except via port 80.

I changed its IP address some time ago, unfortunately I'd missed that the IP address had RDP and SSH ports open on the firewall

I had checked the open ports using ShieldsUp on grc.com, but hadn't noticed it was only probing a secondary IP address that isn't the one that had the two ports open. Doh.


Edited by andy (20/06/2011 07:30)
_________________________
Remind me to change my signature to something more interesting someday

Top
#345847 - 20/06/2011 09:16 Re: Stupid security screw up [Re: andy]
pca
old hand

Registered: 20/07/1999
Posts: 1102
Loc: UK
I hope when you found this you immediately used their paypal login, changed the password, and drained their account... wink

pca
_________________________
Experience is what you get just after it would have helped...

Top
#345850 - 20/06/2011 10:02 Re: Stupid security screw up [Re: pca]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
You're assuming it was their account wink
_________________________
Remind me to change my signature to something more interesting someday

Top
#345858 - 20/06/2011 16:16 Re: Stupid security screw up [Re: andy]
siberia37
old hand

Registered: 09/01/2002
Posts: 702
Loc: Tacoma,WA
Originally Posted By: andy
You're assuming it was their account wink


Yes my thoughts exactly.. I would probably be worried that someone is going to knock on your door and accuse you of credit card fraud or something like that. Ouch. Better make sure you have a lawyer on speed dial for a couple months.

Top
#345886 - 21/06/2011 08:57 Re: Stupid security screw up [Re: siberia37]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Sort of offtopic, but it is also worth checking https://shouldichangemypassword.com/ to see if your email address and password is on one of the LulzSec lists.

If so - change it now!
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top
#345887 - 21/06/2011 09:15 Re: Stupid security screw up [Re: frog51]
larry818
old hand

Registered: 01/10/2002
Posts: 1039
Loc: Fullerton, Calif.
Maybe I'm paranoid, but that seems a great way to harvest emails for spammery.

Top
#345888 - 21/06/2011 09:35 Re: Stupid security screw up [Re: larry818]
BartDG
carpal tunnel

Registered: 20/05/2001
Posts: 2616
Loc: Bruges, Belgium
I thought exactly the same thing. Which is why I did not try it.
_________________________
Riocar 80gig S/N : 010101580 red
Riocar 80gig (010102106) - backup

Top
#345923 - 22/06/2011 09:23 Re: Stupid security screw up [Re: larry818]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Originally Posted By: larry818
Maybe I'm paranoid, but that seems a great way to harvest emails for spammery.


Yep - just depends if you trust the individual who set the site up.

I do

...and my spam filter misses only about 1 spam mail every couple of weeks, but your mileage may vary.
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top