No. That is the only machine they could have access to. Everything else is behind a firewall. I did do a cursory check of all hard drive space. Nothing seems amiss. I took a look at the ftp log and was annoyed to discover that this had been going on for a month. Probably would never have noticed had they not gotten so greedy with my hard drive. Security around here consists of a firewall and crossed fingers. Unfortunately since we are a non profit the IT staff (all three of us) is mainly recent college grads. I myself have but a rudimentary understanding of network security and would not know where to even begin to do an audit. We usually contract that work out. (when I can convince them to that is)

I did fire off some abuse reports of my own but oh surprise surprise they bounced back.

Adaryl Wakefield Aviator by passion Programmer by sheer force of will
----- Original Message -----
Sent: Friday, December 19, 2003 2:03 PM
Subject: RE: [KCFusion] Deleting Files (OT)

np. did you happen to do any security auditing to see if anything else on the machine/network was compromised?

Bruce Dunwiddie Ticket Technology P: 866.543.3331 F: 913.451.7832 [EMAIL PROTECTED]
Hey Bruce thanks for the link. With that and a little app someone gave me I was able to blast all those files to hell and gone. Nobody is going to be downloading MS Flight Sim 2004 from my server. It's a crappy sim anyway.

Adaryl Wakefield Aviator by passion Programmer by sheer force of will
----- Original Message -----
Sent: Thursday, December 18, 2003 1:11 PM
Subject: RE: [KCFusion] Deleting Files (OT)

that would be something similar to what you're seeing, but keep in mind that this could be only the start of something larger.

Bruce Dunwiddie Ticket Technology P: 866.543.3331 F: 913.451.7832 [EMAIL PROTECTED]
that does not sound like a virus. it sounds like you became someone's storage b****, which of course is the technical definition. you're now probably hosting infection files to infect other computers. you need to immediately take down any non critical services and machines and do a full security audit involving network monitoring and tracking of where the attack came from. you should expect emails to come in shortly to [EMAIL PROTECTED] from other companies/individuals that are seeing at very least your ftp server being involved in new attacks on them and blaming you. there could conceivably be rampant infections and abuse going on throughout your entire network. you need to find out immediately what was compromised and what wasn't. it sounds like a lot of work I know, and I'm sure you and/or your bosses won't be up for all of it, but things can get SEVERELY worse from here if you don't track down what happened and make sure it doesn't continue.

As for deleting the files, they were created in a way to specifically prevent you from being able to delete them. I think the only way you'd be able to delete them would probably be to mount the drive as a secondary drive to a linux os and use it to delete the file and I THINK that will work, but other than that, it's very unlikely that you will be able to find a way to delete the files.

Bruce Dunwiddie Ticket Technology P: 866.543.3331 F: 913.451.7832 [EMAIL PROTECTED]
A virus snuck onto our server last night. There is practically no trace of it just the fact that in the ftproot folder there is 2.8 GIGs of info that refuses to delete. It keeps telling me cannot find specified file. anybody deal with this before?

Adaryl Wakefield Aviator by passion Programmer by sheer force of will