server hack!!

We had a pretty shocking discovery the other day when a new client who has old systems in place (we are trying to convince to upgrade) had a whole lot of strange things on one of their server's screens. After taking a look, we discovered that someone had logged onto the server using vnc .

We traced it back to someone in Turkey. They didn't do a great job of covering their tracks which is pretty unusual in my experience. Usually the only way you can tell your server has been hacked is because all the log files have been deleted. Considering how rubbish their internet connection is, they probably lost interest. 

What did they do? Well... essentially used various websites that sent spam email, pretending to be from Credit Agricole Bank to thousands of email addresses in France. Pretty serious stuff. They used different websites and different bits of software to do this.

Step one is to block access to the server for them to carry on utilising the server as a gateway. Note the important thing here. The server was not hacked to access the client's data, it was hacked to use the server as a computer to send out large amounts of spam email. I often get people telling me that no one would be interested in their data and therefore they won't be hacked. Thats BS guys... and here is the proof...

So changed the admin password, uninstalled VNC off the servers. Blocked the VNC ports on the firewall. Took down what info we could of what had happened but it was more important to protect the network from further access. Uninstalled any dodgy looking software on the server.

Couple of reboots, virus scanning, going through everything with a fine tooth comb essentially. Happy the servers and network were now protected from any further unwanted visitors.

Pretty interesting episode and quite scary how easy and quickly this kind of thing can happen so be warned. If you are not confident your systems are protected then get in touch with us - Colins IT Ltd

In the first instance you should not only have anti-virus on every single machine but ensure that it is running correctly, it has been configured to scan everything on the network, runs a full scan regularly, reports any suspicious files, is constantly updated.

Oh, and using free anti-virus... seriously.. you get what you pay for. If you can't afford to pay £30 odd a year to protect your vital data, credit card details, countless hours of work etc... something worth thinking about...







Comments

Post a Comment

Popular posts from this blog

Scary Truth about Facebook Messenger

Here is a short list of the most disturbing permissions it requires and a quick explanation of what it means to you and the privacy settings on your phone. • Change the state of network connectivity – So Facebook can change or alter your connection to the Internet or your mobile service. You’re basically giving Facebook permission to turn features on your phone on and off and without telling you. • Call phone numbers and send SMS messages – Facebook is able to automatically send text messages to your contacts on your behalf without your consent. Read more here
Read more

some key achievments

- Successfully project managed the migration to new hardware and software versions of over 10 windows servers, small business servers and exchange servers for different clients. Including exchange 2003 to exchange 2007. - Managed the servers and network infrastructure of over 40 clients ensuring all equipment is healthy and monitored and reducing downtime by an average of 30%. - Managed up to five support engineers including assigning work, training etc. - Responsible for identifying and implementing business management software that resulted in 23% increased profit, greatly improved efficiency and reduced billing slippage. Autotask and Connect Wise software. - Introduced ITIL and other help desk standards and policies to improve efficiency and IT support effectiveness delivered to our customers. - Project managed a number of virtualization implementation projects resulting in huge cost savings including £2k a year in electricity alone.
Read more

Website

Continuing to develop and update my website with content. In serious need if some graphic work which I will get round to soon!! - Posted using BlogPress from my iPhone
Read more