----- Original Message -----
Sent: Friday, December 19, 2003 5:51 PM
Subject: Re: [KCFusion] Deleting Files (OT)
No. That is the only machine they could have access to. Everything else is
behind a firewall. I did do a cursory check of all hard drive space. Nothing
seems amiss. I took a look at the ftp log and was annoyed to discover that
this had been going on for a month. Probably would never have noticed had
they not gotten so greedy with my hard drive. Security around here consists
of a firewall and crossed fingers. Unfortunately, since we are a non profit,
the IT staff (all three of us) is mainly recent college grads. I myself have
but a rudimentary understanding of network security and would not know where
to even begin to do an audit. We usually contract that work out (when I can
convince them to, that is).
I did fire off some abuse reports of my own but, oh surprise surprise, they
bounced back.
Adaryl Wakefield
Aviator by passion
Programmer by sheer force of will
----- Original Message -----
Sent: Friday, December 19, 2003 2:03 PM
Subject: RE: [KCFusion] Deleting Files (OT)
np. did you happen to do any security auditing to see if anything
else on the machine/network was compromised?
Bruce Dunwiddie
Ticket Technology
P: 866.543.3331
F: 913.451.7832
[EMAIL PROTECTED]
Hey Bruce, thanks for the link. With that and
a little app someone gave me I was able to blast all those files to hell
and gone. Nobody is going to be downloading MS Flight Sim 2004 from my
server. It's a crappy sim anyway.
Adaryl Wakefield
Aviator by passion
Programmer by sheer force of will
----- Original Message -----
Sent: Thursday, December 18, 2003 1:11 PM
Subject: RE: [KCFusion] Deleting Files (OT)
that would be something similar to what you're seeing, but keep
in mind that this could be only the start of something
larger.
Bruce Dunwiddie
Ticket Technology
P: 866.543.3331
F: 913.451.7832
[EMAIL PROTECTED]
that does not sound like a virus. it sounds like you became
someone's storage b****, which of course is the technical definition.
you're now probably hosting infection files to infect other computers.
you need to immediately take down any non critical services and
machines and do a full security audit involving network monitoring and
tracking of where the attack came from. you should expect emails to
come in shortly to [EMAIL PROTECTED] from
other companies/individuals that are seeing at the very least your ftp
server being involved in new attacks on them and blaming you. there
could conceivably be rampant infections and abuse going on throughout
your entire network. you need to find out immediately what was
compromised and what wasn't. it sounds like a lot of work I know, and
I'm sure you and/or your bosses won't be up for all of it, but things
can get SEVERELY worse from here if you don't track down what happened
and make sure it doesn't continue. As for deleting the files, they
were created in a way to specifically prevent you from being able to
delete them. I think the only way you'd be able to delete them would
probably be to mount the drive as a secondary drive to a linux os and
use it to delete the file and I THINK that will work, but other than
that, it's very unlikely that you will be able to find a way to delete
the files.
Bruce Dunwiddie
Ticket Technology
P: 866.543.3331
F: 913.451.7832
[EMAIL PROTECTED]
A virus snuck onto our server last
night. There is practically no trace of it, just the fact that in the
ftproot folder there is 2.8 GIGs of info that refuses to delete. It
keeps telling me cannot find specified file. anybody deal with this
before?
Adaryl Wakefield
Aviator by passion
Programmer by sheer force of will