SS: Work server hacked

Memo · 08-29-2006, 03:27 PM

So, the main server at work here got hacked and I have no idea how. Some ******* came in and changed the root password and deleted all other accounts, installed apache, an irc bounce, created a bunch of empty directories which seem to be preparing it to become a warez dump

.

Cubsfan · 08-29-2006, 03:42 PM

Not very sneaky, are they? Seems like if they really wanted that plan to work, they wouldn't have necessarily changed the root passwords. That's likely to get noticed quickly.

What OS?

Memo · 08-29-2006, 04:20 PM

Unix.

They didn't change the passwords on me till I stopped the Apache server they had installed. The ****tiest part is that I have no idea how they got in.

Cubsfan · 08-29-2006, 04:31 PM

Ahh, so they didn't change it until they knew they were caught. I'm guessing you can recover?

Memo · 08-29-2006, 04:58 PM

We're running on the slave so we're ok for now, but I guess without finding the source of the intrusion I can't truly be "safe."

The kicker is the *******s at the IT department of our sister company changed the password to MY router here. When I inquired about it they denied changing it. They then admitted it and refused to give it to me because they didn't trust me with the bridge between our 2 LANs (eventhough I set it up and walked them through the set up of the router on their side

). It realy makes me think they are the ones who did this. Either way, I contacted directly to the Cisco router and recovered and changed the passwords myself.

Prngr44 · 08-30-2006, 08:17 AM

Sounds like some drama!

08-29-2006, 03:27 PM	#1
Memo Admiral Join Date: Apr 2001 Location: East Village Posts: 5,659	SS: Work server hacked So, the main server at work here got hacked and I have no idea how. Some ******* came in and changed the root password and deleted all other accounts, installed apache, an irc bounce, created a bunch of empty directories which seem to be preparing it to become a warez dump .

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

08-29-2006, 03:42 PM	#2
Cubsfan Rear Admiral Lower Half Join Date: Jul 2001 Location: Colorado Posts: 2,743	Not very sneaky, are they? Seems like if they really wanted that plan to work, they wouldn't have necessarily changed the root passwords. That's likely to get noticed quickly. What OS?

08-29-2006, 04:20 PM	#3
Memo Admiral Join Date: Apr 2001 Location: East Village Posts: 5,659	Unix. They didn't change the passwords on me till I stopped the Apache server they had installed. The ****tiest part is that I have no idea how they got in.

08-29-2006, 04:31 PM	#4
Cubsfan Rear Admiral Lower Half Join Date: Jul 2001 Location: Colorado Posts: 2,743	Ahh, so they didn't change it until they knew they were caught. I'm guessing you can recover?

08-29-2006, 04:58 PM	#5
Memo Admiral Join Date: Apr 2001 Location: East Village Posts: 5,659	We're running on the slave so we're ok for now, but I guess without finding the source of the intrusion I can't truly be "safe." The kicker is the *******s at the IT department of our sister company changed the password to MY router here. When I inquired about it they denied changing it. They then admitted it and refused to give it to me because they didn't trust me with the bridge between our 2 LANs (eventhough I set it up and walked them through the set up of the router on their side ). It realy makes me think they are the ones who did this. Either way, I contacted directly to the Cisco router and recovered and changed the passwords myself.

08-30-2006, 08:17 AM	#6
Prngr44 Rear Admiral Lower Half Join Date: Feb 2003 Location: St. Louis Posts: 2,620	Sounds like some drama!

User Name
Password
Remember Me?