Just another thing to add. This probably is not sufficient. I would suggest that all accounts on the box have complex passwords at least 15 characters long.
On Thu, Jul 14, 2011 at 8:48 AM, John Aldrich <jaldr...@blueridgecarpet.com>wrote: > I should mention that the web designer said that the FTP server was being > hit pretty hard with random password attacks. No indication that anyone got > in, but still, better safe than sorry, which is why I told the hosting > company to restrict FTP to just our external IP address. > > > > -----Original Message----- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Thursday, July 14, 2011 8:34 AM > To: NT System Admin Issues > Subject: RE: Security and maintenance on virtual co-lo servers > > Thanks. I republished the website (after I got in touch with the web > designer and he told me how) and that got rid of the errors. He said there > was just a single line of script at the end of some of the pages and > apparently republishing the website took care of it. I have asked our web > host to lock down FTP access to just our IP address. Also, the web designer > said that the virtual server did NOT have auto-update enabled. *sigh* I'm > going to email him and ask him to enable it. I also found a site that will > do a free scan of a website for malware and am running a scan now. > > > > From: Kevin Lundy [mailto:klu...@gmail.com] > Sent: Wednesday, July 13, 2011 4:24 PM > To: NT System Admin Issues > Subject: Re: Security and maintenance on virtual co-lo servers > > I would suggest that rather than worrying about how contracts normally > work, > I think you should focus on fixing the issue. Your web site is still > infected by at least 2 downloader trojans. To leave the site online with a > known infection is irresponsible. > > You also realize there is more to web server security than just antivirus > don't you? How did the system get infected to begin with for example? > SQL > injection, open SMB, open ftp etc. > > I would have the hosting company take the server off line NOW, and do a > bare > metal restore. > -----Original Message----- > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: 13 July 2011 15:44 > To: NT System Admin Issues > Subject: Security and maintenance on virtual co-lo servers > > Our website was attacked and malware posted on it apparently over the > weekend. I'm not sure, but I don't think there is any antivirus / > anti-malware on the virtual server we are renting. Who's responsibility is > it *normally* to handle security and Microsoft updates on a virtual server? > I don't know the terms of our contract, so I can't say whether or not the > hosting company is in violation of those terms or not. Just wondering how > these things normally work. > > Thanks! > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > -- > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England > Registered in England and Wales No. 402570 > VAT Registration GB 100 1464 84 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. If you receive this e-mail in error, please delete > it and notify us either by e-mail, telephone or fax. You should not copy, > forward or otherwise disclose the content of the e-mail as this is > prohibited. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin