We had a pretty shocking discovery the other day when a new client who has old systems in place (whom we are trying to convince to upgrade) had a whole lot of strange things on one of their server's screens. After taking a look, we discovered that someone had logged onto the server using VNC. We traced it back to someone in Turkey.

They didn't do a great job of covering their tracks, which is pretty unusual in my experience. Usually the only way you can tell your server has been hacked is because all the log files have been deleted. Considering how rubbish their internet connection is, they probably lost interest.

What did they do? Well... essentially used various websites that sent spam email, pretending to be from Credit Agricole Bank, to thousands of email addresses in France. Pretty serious stuff. They used different websites and different bits of software to do this.

Step one is to block their access to the server so they cannot carry on utilising the server as a gateway. Note the...
I appreciated your work very thanks