np.
did you happen to do any security auditing to see if anything else on the
machine/network was compromised?
Bruce Dunwiddie Ticket Technology P:
866.543.3331 F: 913.451.7832
[EMAIL PROTECTED]
Hey Bruce thanks for the link. With that and a
little app someone gave me I was able to blast all those files to hell and
gone. Nobody is going to be downloading MS Flight Sim 2004 from my server. It's
a crappy sim anyway.
Adaryl Wakefield Aviator by
passion Programmer by sheer force of will
----- Original Message -----
Sent: Thursday, December 18, 2003 1:11 PM
Subject: RE: [KCFusion] Deleting Files (OT)
that would be something similar to what you're seeing, but keep in
mind that this could be only the start of something
larger.
Bruce Dunwiddie Ticket Technology P:
866.543.3331 F: 913.451.7832
[EMAIL PROTECTED]
that does not sound like a virus. it sounds like you became
someone's storage b****, which of course is the technical definition.
you're now probably hosting infection files to infect other computers. you
need to immediately take down any non critical services and machines and
do a full security audit involving network monitoring and tracking of
where the attack came from. you should expect emails to come in shortly to
[EMAIL PROTECTED] from
other companies/individuals that are seeing at very least your ftp server
being involved in new attacks on them and blaming you. there could
conceivably be rampant infections and abuse going on throughout your
entire network. you need to find out immediately what was compromised and
what wasn't. it sounds like a lot of work I know, and I'm sure you and/or
your bosses won't be up for all of it, but things can get SEVERELY worse
from here if you don't track down what happened and make sure it doesn't
continue. As for deleting the files, they were created in a way to
specifically prevent you from being able to delete them. I think the only
way you'd be able to delete them would probably be to mount the drive as a
secondary drive to a linux os and use it to delete the file and I THINK
that will work, but other than that, it's very unlikely that you will be
able to find a way to delete the files.
Bruce Dunwiddie Ticket Technology P:
866.543.3331 F: 913.451.7832
[EMAIL PROTECTED]
A virus snuck onto our server last night.
There is practically no trace of it just the fact that in the ftproot
folder there is 2.8 GIGs of info that refuses to delete. It keeps
telling me cannot find specified file. anybody deal with this
before?
Adaryl Wakefield Aviator by
passion Programmer by sheer force of
will