Hackers Took Over My Company Server - Democratic Underground

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:11 PM
Original message

Hackers Took Over My Company Server

In about an hour I'll have to work to set up all our websites, emails, etc, etc. I'm in for a long night.

They set up a spoof phishing site among other things.

I hate spammers and internet criminals.

Ask me anything.

Printer Friendly | Permalink | | Top

salvorhardin

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:14 PM
Response to Original message

1. What were you running?

Linux/Apache? Windows/IIS?
Ensim/CPanel/Plesk?

Did they root you? or just get control of the one domain?

What vulnerability did they exploit?

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:15 PM
Response to Reply #1

2. Linux Apache

Yeah they rooted us. No idea yet exactly what exploit they used, but they got in, set up their own root user and then went to town.

Luckily we keep all our files multiply backed up so we dont' ahve to worry about hidden corrupted files on our websites, but setting up all the websites from scratch is going to be a bitch.

Printer Friendly | Permalink | | Top

salvorhardin

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:38 PM
Response to Reply #2

4. That truly sucks

That kind of thing really makes me nostalgic for the old days when all that was usually done was to look around or change /etc/motd (or whatever the equivalent was on VAX or the System ??? (350? 360? was that was what IBM was pushing in the 80s?)).

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:53 PM
Response to Reply #4

8. Yeah, these were criminals

They set up a phishing site for a major bank among other things.

Really sucks.

Printer Friendly | Permalink | | Top

CatholicEdHead

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:38 PM
Response to Original message

3. Ouch

I get phished a few times per week. I always try to track down the fake server and notify whoever is behind it. It may be hacked, but at least someone knows about it.

The phishers use the same bank page but the server changes at least once per day.

Printer Friendly | Permalink | | Top

salvorhardin

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:42 PM
Response to Reply #3

5. I notified a hosting provider

Edited on Sun Mar-20-05 06:53 PM by salvorhardin

of one of their servers being used for a phishing scheme last week and the company actually replied "We can't be responsible for everything our customers do!"

No... no you can't. However, you could actually have some balls and enforce a reasonable TOS and AUP and shut them down! Man, if I ever found out one of my people was using their site as part of a phishing scheme I'd drive over to their place (most of my customers are local) and strangle them.

Printer Friendly | Permalink | | Top

Zuni

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:51 PM
Response to Reply #5

7. That is the biggest cop out ever

If they know some of their users are using their services to mess up other people's shit, why the hell wouldn't they do something?

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 07:00 PM
Response to Reply #7

11. Should be taken offline immediately

Take em off line and sort it out later.

Of course now I have to sort it out on a fucking Sunday night. I'll probably get the call in 5-10 minutes to go at it...

I'm so pissed....I'm already feeling tired.

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:59 PM
Response to Reply #5

10. Exactly

Any company that says they aren't responsible....well that's just lame.

As soon as we found out that we had been hacked our server was taken offline. We're communicating with the bank directly that the phishing site was targeting to help them out.

It just sucks.

Another thing that pisses me off is that I wouldn't be doing this right now if people didn't fall for these phishing scams in the first place. They do it because people are stupid.

Makes me angry that I have to work all night tonight because Ma and Pa Barker are stupid.

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:56 PM
Response to Reply #3

9. Yup That's Them

Fake bank page.

The really annoying thing is that we were concerned about it earlier in the week that the server had been hacked and our IT people said they checked it out and it was fine.

Now it's sunday night and i'm going to be working till god knows when to get everything back up.

Printer Friendly | Permalink | | Top

Zuni

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 06:50 PM
Response to Original message

6. They are assholes

But my real hate goes out to those bastards who create computer viruses.
Why would you want to destroy other people's property for no good reason. I had a virus totally fuck up a computer once and it cost me hundreds of dollars to fix---plus countless hours getting all my programs and documents.

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 07:01 PM
Response to Reply #6

12. They're bad too

I don't know who I hate more....right now it's the phishers.

The virus makers...they anger me, because most of them aren't in it for anything other than the misery and destruction of others. It makes them feel powerfull. I almost feel sorry for them. Almost.

The phishers though. They're actively criminals. They're seeking to steal and harm and do it by breaking into your house and making it look like you're the criminal.

They should be flayed alive.

Printer Friendly | Permalink | | Top

mopinko

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 07:06 PM
Response to Original message

13. when are we going to get some decent enforcement

mechanisms for internet crimes? if there was an agency that you could forward these phishing e-mails, etc, to, this stuff would last 20 seconds. geez.

Printer Friendly | Permalink | | Top

Ravenseye

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 07:08 PM
Response to Reply #13

14. We need education too

Enforcment is good, but if people simply didn't respond to these types of scams it wouldn't be a problem.

It's simple. If someone sends you an email saying there is a problem, ignore it...or if you have to do something, go directly to the companies website and contact them via email about it, including the email that was sent to you. If it's legit they'll help you out.

If everyond did that for a month or two people wouldn't try pulling the scam anymore.

Printer Friendly | Permalink | | Top

mopinko

(1000+ posts) Send PM | Profile | Ignore

Sun Mar-20-05 07:19 PM
Response to Reply #14

15. but we'll never educate everyone.

and it only takes a few. but if you and i could send these things on when we get them to someone who would track them down, no phish would go undetected for more than an hour.

Printer Friendly | Permalink | | Top

DU AdBot (1000+ posts)

Fri May 10th 2024, 03:35 PM
Response to Original message

Advertisements [?]

Top

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.