Re: OT - Box has been attacked by cowboy

2008-02-18 Thread Tom Chiverton
On Saturday 16 Feb 2008, Nick Gleason wrote:
> I usually leave it wide open in US/Canada/Europe

Doesn't the US send more spam than any other country, ergo have more 
vulnerable boxes than anywhere else ?

-- 
Tom Chiverton
Helping to continuously target real-time bandwidth
on: http://thefalken.livejournal.com




~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299254
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


RE: OT - Box has been attacked by cowboy

2008-02-16 Thread Dave Watts
> Ok, since we're at it and I don't mind if you compared it to
> 'theft', well, let me say this, the 'windows'/'doors' were
> all locked but as you mentioned, but hardened criminals would
> probably have a way to get it.

If someone was able to change your data schema, your analogy fails. You most
likely either (a) exposed your database server to the public internet, or
(b) your application can be manipulated to change your data schema. Both of
these are security 101 things.

> You know what, someone should offer computer security insurance...

In that case, your insurer would likely require you to meet specific
security standards. If you didn't meet them - and I feel confident that you
wouldn't have in this case - they would refuse your claim.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299189


Re: OT - Box has been attacked by cowboy

2008-02-16 Thread Don L
Simply put, I use it as a wake-up call.  Thanks for your thoughts.

In that case, your insurer would likely require you to meet specific
security standards. If you didn't meet them - and I feel confident that you
wouldn't have in this case - they would refuse your claim.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/ 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299198


OT - Box has been attacked by cowboy

2008-02-15 Thread Don L
Yesterday around 7pm EST my box has been ruthlessly attacked (port scan and 
then data/schema alteration) by 75.126.166.15, which traced to SoftLayer
Technologies, Inc. in TX.

My course of actions:
a) prepare a law suit;
b) inform FBI.

On b), I don't know if I should inform FBI branch in TX or just own state or 
both. Evil doers must be stopped soon.

Your thoughts would be appreciated.




Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299092


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Gerald Guido
You should contact softlayer.com and tell them that one of their (10,000)
dedicated servers has been compromised.

http://www.softlayer.com/

I have been hacked before. No fun at all.

> b) inform FBI.

Good luck on that. Prolly one of 10 a bazzion script kiddies bouncing off of
1/2 a dozen proxies.  Just sayin'. ;)

I recommend getting a bunch of antivirus, spyware, root kit recovery
programs and get busy. You are going to be at it for a while.

These will get you going.

Dr. Web
AVG
Unhackme
RootkitRevealer

Good luck and don't take it personally.

Gerald

On Fri, Feb 15, 2008 at 12:52 PM, Don L [EMAIL PROTECTED] wrote:

 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
 and then data/schema alteration) by 75.126.166.15, which traced to
 SoftLayer Technologies, Inc. in TX.

 My course of actions:
 a) prepare a law suit;
 b) inform FBI.

 On b), I don't know if I should inform FBI branch in TX or just own state
 or both. Evil doers must be stopped soon.

 Your thoughts would be appreciated.




 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299094


RE: SPAM: OT - Box has been attacked by cowboy

2008-02-15 Thread Andy Matthews
Is this ongoing or has it already stopped?

I'm guessing that alerting the FBI will give you no results. I doubt that
this would rank very high on their threat list. And a law suit? Have you
simply tried contacting this company and talking to them? I'd be willing to
bet that they don't even know it's happening as it's probably a trojan of
some sort.

Why jump straight to law suits and the FBI when a simple phone call might
resolve the issue?

-Original Message-
From: Don L [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 15, 2008 11:52 AM
To: CF-Talk
Subject: SPAM: OT - Box has been attacked by cowboy

Yesterday around 7pm EST my box has been ruthlessly attacked (port scan and
then data/schema alteration) by 75.126.166.15, which traced to SoftLayer
Technologies, Inc. in TX.

My course of actions:
a) prepare a law suit;
b) inform FBI.

On b), I don't know if I should inform FBI branch in TX or just own state or
both. Evil doers must be stopped soon.

Your thoughts would be appreciated.






Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299096


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Nick Gleason
Don,

We have also had attacks against our servers by IPs traced to SoftLayer (and
their clients) and would be very interested in seeing this stopped.  Let us
know how we can support you.

Also, I assume that you have contacted SoftLayer to have them take action as
well?

I would also be interested in hearing what can be done in situations like
this.

Best,

Nick

.
..
 

 -Original Message-
 From: Don L [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 15, 2008 12:52 PM
 To: CF-Talk
 Subject: OT - Box has been attacked by cowboy
 
 Yesterday around 7pm EST my box has been ruthlessly attacked 
 (port scan and then data/schema alteration) by
 75.126.166.15, which traced to SoftLayer Technologies, Inc. in TX.
 
 My course of actions:
 a) prepare a law suit;
 b) inform FBI.
 
 On b), I don't know if I should inform FBI branch in TX or 
 just own state or both. Evil doers must be stopped soon.
 
 Your thoughts would be appreciated.
 
 
 
 
 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299101


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Russ
c.  Figure out how they got in, reinstall the box, get a firewall and keep
up on the latest patches.  More than likely you are running sql on a default
port on a public ip (a major no no).  This combined with weak passwords for
one of your accounts led to the compromise. 

BTW, FBI won't get involved btw unless there's over 10k in damages.  

Russ

 -Original Message-
 From: Don L [mailto:[EMAIL PROTECTED]
 Sent: Friday, February 15, 2008 12:52 PM
 To: CF-Talk
 Subject: OT - Box has been attacked by cowboy
 
 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
 and then data/schema alteration) by 75.126.166.15, which traced to
 SoftLayer Technologies, Inc. in TX.
 
 My course of actions:
 a) prepare a law suit;
 b) inform FBI.
 
 On b), I don't know if I should inform FBI branch in TX or just own state
 or both. Evil doers must be stopped soon.
 
 Your thoughts would be appreciated.
 
 
 
 
 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299107


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Don L
I'd like to thank those who put forward thoughtful notes rather than put up a 
firewall, so, you think when you're being attacked you didn't have a firewall?
this kind of 'move on' nonsense does not help anything, pay attention when you 
follow up, the attention should be of help/value.

To Hatton, yes, I immediately blocked them once detected attack.
To Nick, we'll see.

Don
 Yesterday around 7pm EST my box has been ruthlessly attacked (port 
 ...
 Your thoughts would be appreciated.
 
 


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299111


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread mac jordan
On Fri, Feb 15, 2008 at 5:52 PM, Don L [EMAIL PROTECTED] wrote:

 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
 and then data/schema alteration) by 75.126.166.15, which traced to
 SoftLayer Technologies, Inc. in TX.



We get scans, SSH attempts, injection attempts, hack attempts all the time -
it's part of life on the web.  Make sure your machine is secure, get a
firewall in, move on.


-- 
mac jordan
www.webhorus.net
www.nibblous.com
www.kestrel.org
www.jordan-cats.org


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299097


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread C. Hatton Humphrey
Have you blocked traffic from that IP at the firewall yet?

Also, when I did a lookup of the IP, it was traced to a different
domain for a company that provides hosting (gege-hosting.com) but it
is not coming up any more.  An online scan of the IP shows that the
only open access is via windows Remote Desktop

The company that you traced it to is a hosting company, they sell
dedicated machines.  My first step would be to contact them at
http://www.softlayer.com/about.html.

Best of luck!
Hatton

On Fri, Feb 15, 2008 at 12:52 PM, Don L [EMAIL PROTECTED] wrote:
 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan and 
 then data/schema alteration) by 75.126.166.15, which traced to SoftLayer
 Technologies, Inc. in TX.

  My course of actions:
  a) prepare a law suit;
  b) inform FBI.

  On b), I don't know if I should inform FBI branch in TX or just own state or 
 both. Evil doers must be stopped soon.

  Your thoughts would be appreciated.




  

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299095


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Gerald Guido
Are you on a windows box?

On Fri, Feb 15, 2008 at 12:52 PM, Don L [EMAIL PROTECTED] wrote:

 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
 and then data/schema alteration) by 75.126.166.15, which traced to
 SoftLayer Technologies, Inc. in TX.

 My course of actions:
 a) prepare a law suit;
 b) inform FBI.

 On b), I don't know if I should inform FBI branch in TX or just own state
 or both. Evil doers must be stopped soon.

 Your thoughts would be appreciated.




 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299117


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Dave Watts
> I'd like to thank those who put forward thoughtful notes
> rather than put up a firewall, so, you think when you're
> being attacked you didn't have a firewall?
> this kind of 'move on' nonsense does not help anything, pay
> attention when you follow up, the attention should be of help/value.

On the contrary, it's the only useful answer. If you have a known
vulnerability, you have to fix it. The answer may not be as simple as put
up a firewall, but if someone from Texas was able to get to your database
server directly to change your schema, that indicates a clear problem.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299115


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Gerald Guido
I don't know how experienced you are with admining a windows box and do not want to
offend. But if you are on a win box I wrote up a little security 101 off the
top of my head. It has been a few years since I did any sys admin work so
others might want to chime in on things I overlooked.


   - Disable the administrator account
   - Restrict access to remote desktop to one account with an obscure
   username
   - Make failed login attempts wait at least thirty seconds or a minute
   before logging in again
   - Run the Security Configuration Wizard (SCW) and lock down all ports,
   services and apps
   - Shut down all unneeded services.
   - Use ridiculous usernames and passwords.
   - Only allow local access (or one IP for dedicated DB) to database
   servers
   - Use an external, *hardware* based firewall
   - Keep everything patched and make sure you are on the security
   mailing lists for all third party apps, scripts and servers that you use.
   - Use AV, anti-spyware and anti-intrusion software and/or get a server
   security suite by a reputable vendor.


To paraphrase: The price of maintaining a server is eternal vigilance.



On Fri, Feb 15, 2008 at 12:52 PM, Don L [EMAIL PROTECTED] wrote:

 Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
 and then data/schema alteration) by 75.126.166.15, which traced to
 SoftLayer Technologies, Inc. in TX.

 My course of actions:
 a) prepare a law suit;
 b) inform FBI.

 On b), I don't know if I should inform FBI branch in TX or just own state
 or both. Evil doers must be stopped soon.

 Your thoughts would be appreciated.




 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299119


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Don L
Your techniques are appreciated.

From what I understand, you can't disable the admin account.  I think you
mean rename the administrator acct.  

Changing things from default ports would go a long way too.  You can change
the ports of RDP and SQL without really affecting functionality, and it
would cut down on 99.% hack attempts.  Further, if you can afford a
hardware firewall, you can lock down access to said ports to trusted ips
only and/or use a vpn login to the firewall first. 

Only have ports open to the public that need to be open to the public, which
in most cases is just http/https.  

Russ

 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299123
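
Added example (not part of the thread, and not any poster's code): one way to check a Windows host against the hardening list and the port advice in the two messages above, by auditing `netstat -ano` output for database and Remote Desktop listeners that are reachable beyond loopback and for established connections to them from addresses outside an allow-list. The sample output, the addresses and the `TRUSTED_SOURCES` allow-list are constructed assumptions.

```python
import ipaddress

# Services the thread says should not face the internet, and the ports that
# normally should (http/https).
SENSITIVE = {1433: "SQL Server", 3306: "MySQL", 3389: "Remote Desktop"}
PUBLIC_OK = {80, 443}

# Hypothetical allow-list: the one admin address permitted to reach the
# database or RDP (an assumption for this example).
TRUSTED_SOURCES = [ipaddress.ip_network("198.51.100.25/32")]

# Constructed `netstat -ano` output from a Windows host; not data from the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1720
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2204
  TCP    192.0.2.10:8500        0.0.0.0:0              LISTENING       3012
  TCP    192.0.2.10:1433        203.0.113.7:40112      ESTABLISHED     1720
  TCP    192.0.2.10:3389        198.51.100.25:51515    ESTABLISHED     1100
  TCP    192.0.2.10:49200       203.0.113.80:80        ESTABLISHED     3012
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  UDP    0.0.0.0:1434           *:*                                    1688
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:1433' or '[::]:3389' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)


def tcp_rows(netstat_text):
    """Yield (local, remote, state, pid) per TCP row; headers and UDP are skipped."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            yield fields[1], fields[2], fields[3], int(fields[4])


def exposed_listeners(netstat_text):
    """Listeners bound beyond loopback that are not plain http/https."""
    findings = set()
    for local, _remote, state, pid in tcp_rows(netstat_text):
        if state != "LISTENING":
            continue
        host, port = split_endpoint(local)
        if host.is_loopback or port in PUBLIC_OK:
            continue
        severity = "HIGH" if port in SENSITIVE else "REVIEW"
        findings.add((severity, port, SENSITIVE.get(port, "unexpected listener"), pid))
    return sorted(findings)


def untrusted_peers(netstat_text):
    """Remote addresses connected to a sensitive port but not on the allow-list."""
    peers = set()
    for local, remote, state, _pid in tcp_rows(netstat_text):
        if state != "ESTABLISHED":
            continue
        _, local_port = split_endpoint(local)
        peer, _ = split_endpoint(remote)
        if local_port not in SENSITIVE or peer.is_loopback:
            continue
        if not any(peer in net for net in TRUSTED_SOURCES):
            peers.add((str(peer), local_port))
    return sorted(peers)


if __name__ == "__main__":
    for severity, port, name, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{severity:6} port {port:<5} {name} (pid {pid})")
    for peer, port in untrusted_peers(SAMPLE_NETSTAT):
        print(f"UNTRUSTED peer {peer} connected to port {port}")
```

A listener flagged here is still exposed after a port change; the audit only stops reporting it as `HIGH` once it binds to loopback or the firewall restricts who can reach it.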


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Jochem van Dieten
Don L wrote:
> pay attention when you follow up, the attention should be of help/value.

On public forums people will give you the advice they think you need, 
not the advice you want.

Jochem


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299125


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Dave Watts
> I don't think that anything said here is libelous in the
> least.  He is only describing what happened.  Hacks were done
> from an IP registered to SoftLayer.  People /should/ be
> talking about these sorts of things so that ISPs hosting bad
> actors will tighten up security.  We've seen a number of
> incidents traced back to softlayer ourselves and they should
> feel some heat when that happens.

You have no idea whether this ISP is hosting bad actors. All you know is
that attacks have been logged from their IP addresses. If Don's servers have
been compromised, others may now log attacks from his servers. Is he a bad
actor?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299127


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Kevin Aebig
I'm unsure if it's 'your' server or a company that you work for, but if you
don't know something, ignoring the problem doesn't constitute a solution and
sure isn't a justifiable excuse.

And you don't need to be an expert at security to handle this, because there
are experts that tell you how to do it for free, including the companies /
organizations that build the software you run.

http://www.google.com/search?hl=en&q=how+to+secure+a+windows+server&meta=
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+SQL+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mysql+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+apache+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+IIS+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mail+server

!k

-Original Message-
From: Don L [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 15, 2008 2:10 PM
To: CF-Talk
Subject: Re: OT - Box has been attacked by cowboy

.
On the contrary, it's the only useful answer. If you have a known
vulnerability, you have to fix it. The answer may not be as simple as put
up a firewall, but if someone from Texas was able to get to your database
server directly to change your schema, that indicates a clear problem.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/


Here's the thing, if I were a security professional, would I be in a better
position to attack and/or defend my machine or any machines for that matter?

Given the opportunity cost, could any of us be all and being experts in all?

A clear and difficult challenge.




Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299128


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Jochem van Dieten
Nick Gleason wrote:
> I don't think that anything said here is libelous in the least.

I guess that depends on what jurisdiction you live.


> Hacks were done from an IP registered to
> SoftLayer.  People /should/ be talking about these sorts of things so that
> ISPs hosting bad actors will tighten up security.  We've seen a number of
> incidents traced back to softlayer ourselves and they should feel some heat
> when that happens.

So did you block all of softlayer on your firewall?

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299129


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Don L

On the contrary, it's the only useful answer. If you have a known
vulnerability, you have to fix it. The answer may not be as simple as put
up a firewall, but if someone from Texas was able to get to your database
server directly to change your schema, that indicates a clear problem.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/


Here's the thing, if I were a security professional, would I be in a better 
position to attack and/or defend my machine or any machines for that matter?

Given the opportunity cost, could any of us be all and being experts in all?

A clear and difficult challenge.


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299122


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Jochem van Dieten
Don L wrote:
> Yesterday around 7pm EST my box has been ruthlessly attacked (port scan and
> then data/schema alteration) by 75.126.166.15, which traced to SoftLayer
> Technologies, Inc. in TX.
>
> My course of actions:
> a) prepare a law suit;
> b) inform FBI.

My course of actions would have been:
- take box down;
- remove harddisk;
- lock compromised harddisk in safe for later analysis;
- put in new harddisk;
- rebuild from backups;
- analyze harddisk;
- fix the security problem;
- get back in business;
- file a police report if considerable damages.

I would have made very certain I didn't point fingers in public because 
it would ruin my chances in a lawsuit and it most likely meets the legal 
definition of libel.


BTW, did you check to see if the attacker used your system to attack 
others? There may be people somewhere online blaming you for attacking 
them and filing reports to the FBI about you.

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299121


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Dave Watts
> Yesterday around 7pm EST my box has been ruthlessly attacked
> (port scan and then data/schema alteration) by
> 75.126.166.15, which traced to SoftLayer Technologies, Inc. in TX.
>
> My course of actions:
> a) prepare a law suit;
> b) inform FBI.
>
> On b), I don't know if I should inform FBI branch in TX or
> just own state or both. Evil doers must be stopped soon.

Who exactly do you plan to sue? You have no idea who's responsible. All you
know is the IP address used to launch the attack. Maybe you could sue
SoftLayer for negligence - for not having adequate security in place - but
then again, you obviously don't have adequate security in place either. You
are equally negligent, at least.

What are your monetary damages? The FBI will generally only pursue cases
where there are significant, demonstrable monetary damages.

Finally, strictly speaking, a port scan isn't really an attack, although it
may be malicious in intent and may set off IDS alarms.

I strongly recommend that you focus your efforts on securing your systems,
rather than a legal approach.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299112
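
Added example (not part of the thread, and not any poster's code): the distinction drawn in the message above between a port scan and an actual attack, as a triage pass over a firewall log that separates sources whose probes were all dropped from sources that also got an accepted connection to a database or Remote Desktop port. The log lines are constructed in the style of a Windows Firewall `pfirewall.log`; the addresses and the scan threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_PORTS = 5                        # distinct ports within WINDOW treated as a scan (assumed)
WINDOW = timedelta(seconds=60)
SENSITIVE_PORTS = {1433, 3306, 3389}  # SQL Server, MySQL, Remote Desktop

# Constructed sample log; not data from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2008-02-14 19:00:01 DROP TCP 203.0.113.7 192.0.2.10 40001 21 48 S 1001 0 65535 - - - RECEIVE
2008-02-14 19:00:02 DROP TCP 203.0.113.7 192.0.2.10 40002 22 48 S 1002 0 65535 - - - RECEIVE
2008-02-14 19:00:03 DROP TCP 203.0.113.7 192.0.2.10 40003 23 48 S 1003 0 65535 - - - RECEIVE
2008-02-14 19:00:04 DROP TCP 203.0.113.7 192.0.2.10 40004 25 48 S 1004 0 65535 - - - RECEIVE
2008-02-14 19:00:05 DROP TCP 203.0.113.7 192.0.2.10 40005 135 48 S 1005 0 65535 - - - RECEIVE
2008-02-14 19:00:09 ALLOW TCP 203.0.113.7 192.0.2.10 40006 1433 48 S 1006 0 65535 - - - RECEIVE
2008-02-14 19:00:20 DROP TCP 203.0.113.99 192.0.2.10 51000 22 48 S 2001 0 65535 - - - RECEIVE
2008-02-14 19:00:50 DROP TCP 203.0.113.99 192.0.2.10 51001 22 48 S 2002 0 65535 - - - RECEIVE
2008-02-14 19:02:00 ALLOW TCP 203.0.113.50 192.0.2.10 52000 80 48 S 3001 0 65535 - - - RECEIVE
2008-02-14 19:03:01 DROP TCP 198.51.100.9 192.0.2.10 53001 110 48 S 4001 0 65535 - - - RECEIVE
2008-02-14 19:03:02 DROP TCP 198.51.100.9 192.0.2.10 53002 139 48 S 4002 0 65535 - - - RECEIVE
2008-02-14 19:03:03 DROP TCP 198.51.100.9 192.0.2.10 53003 445 48 S 4003 0 65535 - - - RECEIVE
2008-02-14 19:03:04 DROP TCP 198.51.100.9 192.0.2.10 53004 1433 48 S 4004 0 65535 - - - RECEIVE
2008-02-14 19:03:05 DROP TCP 198.51.100.9 192.0.2.10 53005 3306 48 S 4005 0 65535 - - - RECEIVE
"""


def parse(log_text):
    """Return inbound TCP records as time-sorted (when, src_ip, dst_port, action)."""
    fields, records = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the header
        elif line.strip() and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            if rec.get("protocol") != "TCP" or rec.get("path", "RECEIVE") != "RECEIVE":
                continue
            when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            records.append((when, rec["src-ip"], int(rec["dst-port"]), rec["action"]))
    return sorted(records)


def is_scan(events):
    """True if time-sorted [(when, port), ...] touch SCAN_PORTS distinct ports within WINDOW."""
    counts, start = defaultdict(int), 0
    for when, port in events:
        counts[port] += 1
        while when - events[start][0] > WINDOW:   # slide the window forward
            old = events[start][1]
            counts[old] -= 1
            if not counts[old]:
                del counts[old]
            start += 1
        if len(counts) >= SCAN_PORTS:
            return True
    return False


def triage(log_text):
    """Map each noteworthy source IP to (verdict, accepted sensitive ports)."""
    by_src = defaultdict(list)
    for when, src, port, action in parse(log_text):
        by_src[src].append((when, port, action))
    report = {}
    for src, events in by_src.items():
        scanned = is_scan([(w, p) for w, p, _ in events])
        accepted = sorted({p for _, p, a in events if a == "ALLOW" and p in SENSITIVE_PORTS})
        if scanned and accepted:
            report[src] = ("scan, then accepted connection: investigate", accepted)
        elif accepted:
            report[src] = ("accepted connection to sensitive port: review rule", accepted)
        elif scanned:
            report[src] = ("scan only, nothing sensitive accepted", [])
    return report


if __name__ == "__main__":
    for src, (verdict, ports) in sorted(triage(SAMPLE_LOG).items()):
        print(src, verdict, ports)
```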


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Nick Gleason
I don't think that anything said here is libelous in the least.  He is only
describing what happened.  Hacks were done from an IP registered to
SoftLayer.  People /should/ be talking about these sorts of things so that
ISPs hosting bad actors will tighten up security.  We've seen a number of
incidents traced back to softlayer ourselves and they should feel some heat
when that happens.

Just my $.02.

N

.
..
 

 -Original Message-
 From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 15, 2008 3:15 PM
 To: CF-Talk
 Subject: Re: OT - Box has been attacked by cowboy
 
 Don L wrote:
  Yesterday around 7pm EST my box has been ruthlessly 
 attacked (port scan and then data/schema alteration) by
 75.126.166.15, which traced to SoftLayer Technologies, Inc. in TX.
  
  My course of actions:
  a) prepare a law suit;
  b) inform FBI.
 
 My course of actions would have been:
 - take box down;
 - remove harddisk;
 - lock compromised harddisk in safe for later analysis;
 - put in new harddisk;
 - rebuild from backups;
 - analyze harddisk;
 - fix the security problem;
 - get back in business;
 - file a police report if considerable damages.
 
 I would have made very certain I didn't point fingers in 
 public because it would ruin my chances in a lawsuit and it 
 most likely meets the legal definition of libel.
 
 
 BTW, did you check to see if the attacker used your system to 
 attack others? There may be people somewhere online blaming 
 you for attacking them and filing reports to the FBI about you.
 
 Jochem
 
 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299124


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Dave Watts
> Here's the thing, if I were a security professional, would I
> be in a better position to attack and/or defend my machine or
> any machines for that matter?

Well, uh, yeah. Just like, presumably, you'd be better at writing CF apps
than they would.

> Given the opportunity cost, could any of us be all and being
> experts in all?

Probably not. But that's irrelevant, because there are plenty of qualified
people who can do this sort of thing for you. If you don't know how to do
it, you should get someone who does. That will let you get back to doing
what you're good at.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
http://training.figleaf.com/

WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
http://www.webmaniacsconference.com/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299126


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Kevin Aebig
I don't think any insult was meant, but you have to understand that for many
companies, this is just one of the things they deal with on a regular basis.


If you have a firewall and were breached, you need to find out
specifically how they got in. If you weren't breached, then for all intents
and purposes, no harm... no foul, which by the way is exactly what the FBI
or CSIS will tell you.

If you don't have a firewall, then you might as well have posted your IP on
craigslist asking to be hacked...

!k

-Original Message-
From: Don L [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 15, 2008 1:00 PM
To: CF-Talk
Subject: Re: OT - Box has been attacked by cowboy

I'd like to thank those who put forward thoughtful notes rather than put up
a firewall, so, you think when you're being attacked you didn't have a
firewall?
this kind of 'move on' nonsense does not help anything, pay attention when
you follow up, the attention should be of help/value.

To Hatton, yes, I immediately blocked them once detected attack.
To Nick, we'll see.

Don
 Yesterday around 7pm EST my box has been ruthlessly attacked (port 
 ...
 Your thoughts would be appreciated.
 
 




Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299113


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Nick Gleason
I would say that if SoftLayer's boxes are being compromised to launch
attacks, then yes they are bad actors.  Since we have seen many attacks
coming from different IPs that are registered to them, I feel confident in
making that assertion.

I may also have some sympathy for them that they are the source of the
problem.  Perhaps they are doing their best or have great intentions.  But,
the results also matter and what is undeniable is that SL is the source of a
lot of attacks.  That is important and there should be some culpability for
that sort of thing.  If Don met the same criteria, then I would say the same
thing.

Respectfully,

N

.
..
 
Nick Gleason | CitySoft, Inc. | http://www.citysoft.com
 
Direct: (617) 899-5395 | Fax: (617) 507-0444

 
Spend Less  Do More - Community Enterprise 
combines great features with an affordable price. 
.
..
 

 -Original Message-
 From: Dave Watts [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 15, 2008 3:36 PM
 To: CF-Talk
 Subject: RE: OT - Box has been attacked by cowboy
 
  I don't think that anything said here is libelous in the 
 least.  He is 
  only describing what happened.  Hacks were done from an IP 
 registered 
  to SoftLayer.  People /should/ be talking about these sorts 
 of things 
  so that ISPs hosting bad actors will tighten up security.  
 We've seen 
  a number of incidents traced back to softlayer ourselves and they 
  should feel some heat when that happens.
 
 You have no idea whether this ISP is hosting bad actors. All 
 you know is that attacks have been logged from their IP 
 addresses. If Don's servers have been compromised, others may 
 now log attacks from his servers. Is he a bad actor?
 
 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/
 
 Fig Leaf Training: Adobe/Google/Paperthin Certified Partners 
 http://training.figleaf.com/
 
 WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
 http://www.webmaniacsconference.com/
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299132


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Josh Nathanson
I would say that if SoftLayer's boxes are being compromised to launch
 attacks, then yes they are bad actors.  Since we have seen many attacks
 coming from different IPs that are registered to them, I feel confident in
 making that assertion.

Their name is strangely apropos.  Soft Layer indeed.

-- Josh 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299144


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Gerald Guido
I would say that if SoftLayer's boxes are being compromised to launch
attacks, then yes they are bad actors.

They rent dedicated servers (10,000 of them according to them).

That is the moral equivalent of holding a car rental company liable for
accidents caused by people that rent the cars. The responsibility for the
security for *unmanaged* servers lies with the person that operates the server,
not the company from which it is rented. Just like you are responsible for
securing your own desktop at home.

Not if it were *managed* dedicated servers being compromised that would be
another case entirely.


On Fri, Feb 15, 2008 at 4:15 PM, Nick Gleason [EMAIL PROTECTED]
wrote:

 I would say that if SoftLayer's boxes are being compromised to launch
 attacks, then yes they are bad actors.  Since we have seen many attacks
 coming from different IPs that are registered to them, I feel confident in
 making that assertion.

 I may also have some sympathy for them that they are the source of the
 problem.  Perhaps they are doing their best or have great intentions.  But,
 the results also matter and what is undeniable is that SL is the source of a
 lot of attacks.  That is important and there should be some culpability for
 that sort of thing.  If Don met the same criteria, then I would say the same
 thing.

 Respectfully,

 N


 .
 ..

 Nick Gleason | CitySoft, Inc. | http://www.citysoft.com

 Direct: (617) 899-5395 | Fax: (617) 507-0444


 Spend Less  Do More - Community Enterprise
 combines great features with an affordable price.

 .
 ..


  -Original Message-
  From: Dave Watts [mailto:[EMAIL PROTECTED]
  Sent: Friday, February 15, 2008 3:36 PM
  To: CF-Talk
  Subject: RE: OT - Box has been attacked by cowboy
 
   I don't think that anything said here is libelous in the
  least.  He is
   only describing what happened.  Hacks were done from an IP
  registered
   to SoftLayer.  People /should/ be talking about these sorts
  of things
   so that ISPs hosting bad actors will tighten up security.
  We've seen
   a number of incidents traced back to softlayer ourselves and they
   should feel some heat when that happens.
 
  You have no idea whether this ISP is hosting bad actors. All
  you know is that attacks have been logged from their IP
  addresses. If Don's servers have been compromised, others may
  now log attacks from his servers. Is he a bad actor?
 
  Dave Watts, CTO, Fig Leaf Software
  http://www.figleaf.com/
 
  Fig Leaf Training: Adobe/Google/Paperthin Certified Partners
  http://training.figleaf.com/
 
  WebManiacs 2008: the ultimate conference for CF/Flex/AIR developers!
  http://www.webmaniacsconference.com/
 
 

 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299145


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Ben Doom
Yep.  They basically let you do whatever.  We used to host with them.

--Ben Doom

Josh Nathanson wrote:
 That is the moral equivalent of holding a car rental company liable for
 accidents caused by people that rent the cars. The responsibility for the
 security for *unmanaged* servers lies with the person that operates the server,
 not the company from which it is rented. Just like you are responsible for
 securing your own desktop at home.
 
 In that case I take back my jab at them.  I didn't realize they were 
 unmanaged.
 
 -- Josh
 
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299149


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Josh Nathanson
 That is the moral equivalent of holding a car rental company liable for
 accidents caused by people that rent the cars. The responsibility for the
 security for *unmanaged* servers lies with the person that operates the server,
 not the company from which it is rented. Just like you are responsible for
 securing your own desktop at home.

In that case I take back my jab at them.  I didn't realize they were 
unmanaged.

-- Josh


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299148


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Kevin Aebig
I realized that this last post seemed harsh, so I thought I'd clarify. My
point is that since you're in the middle of this, there's better things to
do than assess blame.
 
I understand that you're upset and frustrated, but looking to point the
finger to blame will not lead to anyone but yourself and that's not going to
help you deal with this.

If you desperately need to keep the server online, a quick fix is a small
home based router / firewall that can hold you through while you sort this
out. They're built to be easy to configure via browser and generally you can
get them for quite cheap.

Configuring it would be much easier than trying to learn how to console into
a Cisco Pix...

If you don't need it up, then take it down immediately so that you don't
cause the same grief to others online.

!k

-Original Message-
From: Kevin Aebig [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 15, 2008 2:38 PM
To: CF-Talk
Subject: RE: OT - Box has been attacked by cowboy

I'm unsure if it's 'your' server or a company that you work for, but if you
don't know something, ignoring the problem doesn't constitute a solution and
sure isn't a justifiable excuse.

And you don't need to be an expert at security to handle this, because there
are experts that tell you how to do it for free, including the companies /
organizations that build the software you run.

http://www.google.com/search?hl=en&q=how+to+secure+a+windows+server&meta=
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+SQL+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mysql+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+apache+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+IIS+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mail+server

!k

-Original Message-
From: Don L [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 15, 2008 2:10 PM
To: CF-Talk
Subject: Re: OT - Box has been attacked by cowboy

..
On the contrary, it's the only useful answer. If you have a known
vulnerability, you have to fix it. The answer may not be as simple as put
up a firewall, but if someone from Texas was able to get to your database
server directly to change your schema, that indicates a clear problem.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/


Here's the thing, if I were a security professional, would I be in a better
position to attack and/or defend my machine or any machines for that matter?

Given the opportunity cost, could any of us be all and being experts in all?

A clear and difficult challenge.






Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299131


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Russ
From what I understand, you can't disable the admin account.  I think you
mean rename the administrator acct.  

Changing things from default ports would go a long way too.  You can change
the ports of RDP and SQL without really affecting functionality, and it
would cut down on 99.% hack attempts.  Further, if you can afford a
hardware firewall, you can lock down access to said ports to trusted ips
only and/or use a vpn login to the firewall first. 

Only have ports open to the public that need to be open to the public, which
in most cases is just http/https.  

Russ

 -Original Message-
 From: Gerald Guido [mailto:[EMAIL PROTECTED]
 Sent: Friday, February 15, 2008 3:00 PM
 To: CF-Talk
 Subject: Re: OT - Box has been attacked by cowboy
 
 I don't know how experienced you are with admining a Windows box and do not
 want to offend. But if you are on a win box I wrote up a little security 101
 off the top of my head. It has been a few years since I did any sys admin
 work so others might want to chime in on things I overlooked.
 
 - Disable the administrator account
 - Restrict access to remote desktop to one account with an obscure username
 - Make failed login attempts wait at least thirty seconds or a minute
   before logging in again
 - Run the Security Configuration Wizard (SCW) and lock down all ports,
   services and apps
 - Shut down all unneeded services.
 - Use ridiculous usernames and passwords.
 - Only allow local access (or one IP for dedicated DB) to database servers
 - Use an external, *hardware* based firewall
 - Keep everything patched and make sure you are on the security mailing
   lists for all third-party apps, scripts and servers that you used.
 - Use AV, anti-spyware and anti-intrusion software and/or get a server
   security suite by a reputable vendor.
 
 
 To paraphrase: The price of a maintaining a server is eternal vigilance.
 
 
 
 On Fri, Feb 15, 2008 at 12:52 PM, Don L [EMAIL PROTECTED] wrote:
 
  Yesterday around 7pm EST my box has been ruthlessly attacked (port scan
  and then data/schema alteration) by 75.126.166.15, which traced to
  SoftLayer Technologies, Inc. in TX.
 
  My course of actions:
  a) prepare a law suit;
  b) inform FBI.
 
  On b), I don't know if I should inform FBI branch in TX or just own state
  or both. Evil doers must be stopped soon.
 
  Your thoughts would be appreciated.
 
 
 
 
 
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299120
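
The rule in the message above (only http/https open to the public, everything else closed or restricted) can be checked against what the box is actually listening on. This is an added example, not code from the thread: it parses `netstat -an` style output, and the sample output, addresses, allowed-port set and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output.
# 192.0.2.10 and 198.51.100.7 are documentation addresses (RFC 5737).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53389          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:443         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
"""

# Ports named in the thread (RDP, SQL) plus a few common Windows listeners.
WELL_KNOWN = {
    135: "RPC endpoint mapper",
    445: "SMB",
    1433: "SQL Server",
    3306: "MySQL",
    3389: "Remote Desktop",
}


def parse_listeners(netstat_text):
    """Return (ip_address, port) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        # IPv6 locals are printed as [addr]:port, optionally with a %zone.
        host = host.strip("[]").split("%")[0]
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners


def audit_exposure(listeners, public_ports):
    """List listeners reachable from the network that are not meant to be.

    Loopback-only listeners are fine (the "only allow local access" case).
    Anything else outside public_ports is reported, whatever its port
    number: a service moved to a non-default port is still reachable.
    """
    findings = {}
    for addr, port in listeners:
        if addr.is_loopback or port in public_ports:
            continue
        scope = "all interfaces" if addr.is_unspecified else str(addr)
        findings.setdefault(port, set()).add(scope)
    return [
        (port, WELL_KNOWN.get(port, "unknown service"), sorted(scopes))
        for port, scopes in sorted(findings.items())
    ]


if __name__ == "__main__":
    for port, name, scopes in audit_exposure(
        parse_listeners(SAMPLE_NETSTAT), public_ports={80, 443}
    ):
        print(f"port {port:<6} {name:<20} bound to {', '.join(scopes)}")
```

Every port it reports should either be closed, bound to loopback, or restricted at the firewall to trusted addresses.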


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Ben Doom
I know jack about cars.  That's why I hire mechanics.  If you don't feel 
competent regarding securing your server(s), hire someone who is.

I completely understand not knowing that you are not secure enough the 
first time.  However, complaining that you don't know enough and asking 
for a magic fix for security is not a reasonable solution.

--Ben Doom

Don L wrote:
 
 On the contrary, it's the only useful answer. If you have a known
 vulnerability, you have to fix it. The answer may not be as simple as put
 up a firewall, but if someone from Texas was able to get to your database
 server directly to change your schema, that indicates a clear problem.

 Dave Watts, CTO, Fig Leaf Software
 http://www.figleaf.com/

 
 Here's the thing, if I were a security professional, would I be in a better 
 position to attack and/or defend my machine or any machines for that matter?
 
 Given the opportunity cost, could any of us be all and being experts in all?
 
 A clear and difficult challenge.
 
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299130


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Don L
No, no, no, I wasn't looking for someone to blame, consider the attack on my 
box yesterday as a car accident as someone has so vividly alluded to,
well, someone was saying, hey, why were you on road, I have the right to hit 
your car even if you're following traffic rules?

Yes, I do have knowledge about server security, however, as I mentioned, it's 
also involved with Opportunity Cost, but yes indeed, there's neglect from my 
own part, I'm not consistent enough in enforcing security for the box.  Thanks 
for your time and the pointers.

I realized that this last post seemed harsh, so I thought I'd clarify. My
point is that since you're in the middle of this, there's better things to
do than assess blame.
 
I understand that you're upset and frustrated, but looking to point the
finger to blame will not lead to anyone but yourself and that's not going to
help you deal with this.

If you desperately need to keep the server online, a quick fix is a small
home based router / firewall that can hold you through while you sort this
out. They're built to be easy to configure via browser and generally you can
get them for quite cheap.

Configuring it would be much easier than trying to learn how to console into
a Cisco Pix...

If you don't need it up, then take it down immediately so that you don't
cause the same grief to others online.

!k

I'm unsure if it's 'your' server or a company that you work for, but if you
don't know something, ignoring the problem doesn't constitute a solution and
sure isn't a justifiable excuse.

And you don't need to be an expert at security to handle this, because there
are experts that tell you how to do it for free, including the companies /
organizations that build the software you run.

http://www.google.com/search?hl=en&q=how+to+secure+a+windows+server&meta=
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+SQL+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mysql+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+apache+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+IIS+server
http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mail+server

!k

.

Here's the thing, if I were a security professional, would I be in a better
position to attack and/or defend my machine or any machines for that matter?

Given the opportunity cost, could any of us be all and being experts in all?

A clear and difficult challenge. 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299160


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Nick Gleason
Jochem,

We have blocked some of softlayer, of course.  And, followed up with them as
well.

But, a related problem that we have had is that as we block these and other
IPs, we have found that legitimate users are being blocked in some cases.
It has turned out to be more difficult than expected to exclude only the
bad IPs.  That is, when a legitimate user complains about being blocked,
their actual IP address is almost never actually blocked by us.  So, then we
have to try and figure out what IP is being blocked that is impacting them.
That has been very difficult and we have not found a way to do it
effectively.  I have talked to others with more experience in this area and
at least one person said that they eventually gave up and simply unblocked
all US IPs, as in the following comment:

-
I usually leave it wide open in US/Canada/Europe and just 
block all the interesting countries.   We dealt with it some on 
RealSelf, used one of the blacklisting tools... had a lot of the same issues
- blocking lots of legitimate users and whole hosting 
providers.   We ended up just opening it back up, and filtering by 
country - I know, I know...
-

So, in this scenario, if we unblock a lot of bad Ips in order to make sure
that no legitimate users are impacted, then we are more vulnerable to
hackers.  And, even assuming that we have secured our servers, etc., it
still consumes a lot of time and resources.

Respectfully,

N

.
..
 

 -Original Message-
 From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 15, 2008 3:40 PM
 To: CF-Talk
 Subject: Re: OT - Box has been attacked by cowboy
 
 Nick Gleason wrote:
  I don't think that anything said here is libelous in the least.
 
 I guess that depends on what jurisdiction you live.
 
 
  Hacks were done from an IP registered to SoftLayer.  People 
 /should/ 
  be talking about these sorts of things so that ISPs hosting 
 bad actors 
  will tighten up security.  We've seen a number of incidents traced 
  back to softlayer ourselves and they should feel some heat 
 when that 
  happens.
 
 So did you block all of softlayer on your firewall?
 
 Jochem
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299165
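
The problem described in the message above (a legitimate user is blocked although their own address was never added to the blocklist) usually comes down to a range entry that covers them. This is an added example, not code from the thread, that finds every blocklist entry covering a given client address and flags over-broad and redundant entries; the blocklist contents, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample blocklist: single hosts and CIDR ranges as they tend to
# accumulate in a firewall over time. All addresses are documentation or
# reserved ranges, not real attackers.
SAMPLE_BLOCKLIST = """
# single hosts added after individual incidents
192.0.2.15
198.51.100.77
# ranges added to cover "a whole provider"
198.51.100.0/24
203.0.113.0/25
203.0.113.64/26
# entry that is far wider than anyone intended
192.0.0.0/8
"""


def parse_blocklist(text):
    """Return (line_number, original_text, network) for each entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # strict=False also accepts entries with host bits set (10.1.2.3/24).
        entries.append((lineno, line, ipaddress.ip_network(line, strict=False)))
    return entries


def covering_entries(entries, client_ip):
    """All entries that block client_ip, most specific first."""
    ip = ipaddress.ip_address(client_ip)
    hits = [e for e in entries if e[2].version == ip.version and ip in e[2]]
    return sorted(hits, key=lambda e: e[2].prefixlen, reverse=True)


def broad_entries(entries, max_addresses=256):
    """Entries covering more addresses than max_addresses (review these first)."""
    return [(text, net.num_addresses) for _, text, net in entries
            if net.num_addresses > max_addresses]


def shadowed_entries(entries):
    """Entries already covered by a wider entry: unblocking only the narrow
    one changes nothing, which is how an 'unblocked' user stays blocked."""
    shadowed = []
    for _, text, net in entries:
        for _, other_text, other in entries:
            if (net != other and net.version == other.version
                    and net.subnet_of(other)):
                shadowed.append((text, other_text))
                break
    return shadowed


if __name__ == "__main__":
    entries = parse_blocklist(SAMPLE_BLOCKLIST)
    # Use the address the server logged for the complaining user.
    for ip in ("192.0.2.200", "203.0.113.70", "198.18.0.1"):
        hits = covering_entries(entries, ip)
        if hits:
            where = ", ".join(f"{text} (line {n})" for n, text, _ in hits)
            print(f"{ip}: blocked by {where}")
        else:
            print(f"{ip}: no entry covers this address")
    print("over-broad:", broad_entries(entries))
    print("shadowed:", shadowed_entries(entries))
```

Feed it the address the server actually logged for the user's requests; if nothing covers that address, the block is happening somewhere other than this list.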


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Nick Gleason
Gerald,

Yes, I am saying that the hosting business shouldn't be run like the car
rental business in this regard.  But, even so, that analogy doesn't hold a
lot of water.  Car rental companies do, in fact, screen their users.  You
have to have a valid license.  You have to be of a certain age, and so
forth.  If you are a flagrantly reckless driver, or violate their terms, you
will not be able to rent a car.  

And, most importantly, if you rent a car and crash into me, a car rental
company won't hide your identity.  In contrast, when I ask softlayer and
other hosting shops to provide information about whose servers are actually
launching the attacks, they never comply.  So, yes, I am saying that they
and their clients should be required to take some responsibility.

When hosting companies let spammers run wild, they have come under pressure
legally and more informally to do something about it and that is the
direction I would like to see these kinds of issues go in.

Respectfully,

N

 

 -Original Message-
 From: Gerald Guido [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 15, 2008 4:49 PM
 To: CF-Talk
 Subject: Re: OT - Box has been attacked by cowboy
 
 I would say that if SoftLayer's boxes are being compromised 
 to launch
 attacks, then yes they are bad actors.
 
 They rent dedicated servers (10,000 of them according to them).
 
 That is the moral equivalent of holding a car rental company 
 liable for accidents caused by people that rent the cars. The 
 responsibility for the security for *unmanaged* servers lies with 
 the person that operates the server, not the company from 
 which it is rented. Just like you are responsible for 
 securing your own desktop at home.
 
 Not if it were *managed* dedicated servers being compromised 
 that would be another case entirely.
 
 
 On Fri, Feb 15, 2008 at 4:15 PM, Nick Gleason [EMAIL PROTECTED]
 wrote:
 
  I would say that if SoftLayer's boxes are being compromised to launch
  attacks, then yes they are bad actors.  Since we have seen many
  attacks coming from different IPs that are registered to them, I feel
  confident in making that assertion.
 
  I may also have some sympathy for them that they are the source of the
  problem.  Perhaps they are doing their best or have great intentions.  But,
  the results also matter and what is undeniable is that SL is the
  source of a lot of attacks.  That is important and there should be
  some culpability for that sort of thing.  If Don met the same
  criteria, then I would say the same thing.
 
  Respectfully,
 
  N
 
 
  
 ..
 ...
  ..
 
  Nick Gleason | CitySoft, Inc. | http://www.citysoft.com
 
  Direct: (617) 899-5395 | Fax: (617) 507-0444
 
 
  Spend Less  Do More - Community Enterprise combines great 
 features 
  with an affordable price.
 
  
 ..
 ...
  ..
 
 
   -Original Message-
   From: Dave Watts [mailto:[EMAIL PROTECTED]
   Sent: Friday, February 15, 2008 3:36 PM
   To: CF-Talk
   Subject: RE: OT - Box has been attacked by cowboy
  
I don't think that anything said here is libelous in the
   least.  He is
only describing what happened.  Hacks were done from an IP
   registered
to SoftLayer.  People /should/ be talking about these sorts
   of things
so that ISPs hosting bad actors will tighten up security.
   We've seen
a number of incidents traced back to softlayer 
 ourselves and they 
should feel some heat when that happens.
  
   You have no idea whether this ISP is hosting bad actors. All you 
   know is that attacks have been logged from their IP addresses. If 
   Don's servers have been compromised, others may now log 
 attacks from 
   his servers. Is he a bad actor?
  
   Dave Watts, CTO, Fig Leaf Software
   http://www.figleaf.com/
  
   Fig Leaf Training: Adobe/Google/Paperthin Certified Partners 
   http://training.figleaf.com/
  
   WebManiacs 2008: the ultimate conference for CF/Flex/AIR 
 developers!
   http://www.webmaniacsconference.com/
  
  
 
  
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299164


RE: OT - Box has been attacked by cowboy

2008-02-15 Thread Russ
I think it's closer to considering an attack on your box car theft.  You
left the window open, so someone opened the door, came in and messed with
your radio stations and stole the change from the tray.  (I'm not really
sure what the damages were in your case).  

Is it not your own fault for leaving the window open?  Maybe you forgot to
close it, or didn't realize it was open.  Either way you're responsible for
securing your car.  

You probably just never thought you'd be hacked because you have nothing
worth stealing (not saying that you have nothing worth stealing, but this is
how a lot of people think).  Unfortunately there are script kiddies out
there, and more hardened criminals that might be interested in just messing
around, or stealing bandwidth (we were hacked once and they set up a warez
ftp server).  

So if you have a firewall, please, please close off any unnecessary ports.
Change all the default ports and usernames (except things like http/https of
course).  It might be a bit annoying to use at first, but you get used to
it, and it's a small price to pay for security. 

Russ
 -Original Message-
 From: Don L [mailto:[EMAIL PROTECTED]
 Sent: Friday, February 15, 2008 6:24 PM
 To: CF-Talk
 Subject: Re: OT - Box has been attacked by cowboy
 
 No, no, no, I wasn't looking for someone to blame, consider the attack on
 my box yesterday as a car accident as someone has so vividly alluded to,
 well, someone was saying, hey, why were you on road, I have the right to
 hit your car even if you're following traffic rules?
 
 Yes, I do have knowledge about server security, however, as I mentioned,
 it's also involved with Opportunity Cost, but yes indeed, there's neglect
 from my own part, I'm not consistent enough in enforcing security for the
 box.  Thanks for your time and the pointers.
 
 I realized that this last post seemed harsh, so I thought I'd clarify. My
 point is that since you're in the middle of this, there's better things
 to
 do than assess blame.
 
 I understand that you're upset and frustrated, but looking to point the
 finger to blame will not lead to anyone but yourself and that's not going
 to
 help you deal with this.
 
 If you desperately need to keep the server online, a quick fix is a small
 home based router / firewall that can hold you through while you sort
 this
 out. They're built to be easy to configure via browser and generally you
 can
 get them for quite cheap.
 
 Configuring it would be much easier than trying to learn how to console
 into
 a Cisco Pix...
 
 If you don't need it up, then take it down immediately so that you don't
 cause the same grief to others online.
 
 !k
 
 I'm unsure if it's 'your' server or a company that you work for, but if
 you
 don't know something, ignoring the problem doesn't constitute a solution
 and
 sure isn't a justifiable excuse.
 
 And you don't need to be an expert at security to handle this, because
 there
 are experts that tell you how to do it for free, including the companies
 /
 organizations that build the software you run.
 
 http://www.google.com/search?hl=en&q=how+to+secure+a+windows+server&meta=
 http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+SQL+server
 http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mysql+server
 http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+apache+server
 http://www.google.com/search?hl=en&safe=off&q=how+to+secure+an+IIS+server
 http://www.google.com/search?hl=en&safe=off&q=how+to+secure+a+mail+server
 
 !k
 
 .
 
 Here's the thing, if I were a security professional, would I be in a
 better
 position to attack and/or defend my machine or any machines for that
 matter?
 
 Given the opportunity cost, could any of us be all and being experts in
 all?
 
 A clear and difficult challenge.
 
 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299170


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Don L
Ok, since we're at it and I don't mind if you compared it to 'theft', well, let 
me say this, the 'windows'/'doors' were all locked, but as you mentioned, 
hardened criminals would probably have a way to get it.  Yes, I'm not saying 
not to put up a defense/protection.  You know what, someone should offer 
computer security insurance...

I think it's closer to considering an attack on your box car theft.  You
left the window open, so someone opened the door, came in and messed with
your radio stations and stole the change from the tray.  (I'm not really
sure what the damages were in your case).  

Is it not your own fault for leaving the window open?  Maybe you forgot to
close it, or didn't realize it was open.  Either way you're responsible for
securing your car.  

You probably just never thought you'd be hacked because you have nothing
worth stealing (not saying that you have nothing worth stealing, but this is
how a lot of people think).  Unfortunately there are script kiddies out
there, and more hardened criminals that might be interested in just messing
around, or stealing bandwidth (we were hacked once and they set up a warez
ftp server).  

So if you have a firewall, please, please close off any unnecessary ports.
Change all the default ports and usernames (except things like http/https of
course).  It might be a bit annoying to use at first, but you get used to
it, and it's a small price to pay for security. 

Russ
 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299171


Re: OT - Box has been attacked by cowboy

2008-02-15 Thread Andrew Grosset
 You know what, someone should offer computer security insurance...
 
Isn't Google wonderful!!

http://www.insurenewmedia.com/pages/network-liability.asp

Andrew. 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299172