[BNM] hacking...
Antony Jones
antonyj at gamesys.co.uk
Mon Nov 5 10:31:11 GMT 2007
Yep but it was my fault, I had samba passwords based on my user
passwords, and I forgot one of them so I changed it to the same as the
username.
Oops.
Antony Jones
Developer
Gamesys Limited
e: antonyj at gamesys.co.uk
t: 0207 478 8103
a: 1st Floor, 54-62 Regent Street, LONDON, W1B 5RE
Save trees and protect the environment - think before you print this
email!
> -----Original Message-----
> From: bnmlist-bounces at brightonnewmedia.org [mailto:bnmlist-bounces at brightonnewmedia.org]
> On Behalf Of Richard Maynard / Wessex Networks
> Sent: 05 November 2007 10:17
> To: 'Brighton New Media'
> Subject: Re: [BNM] hacking...
>
> Ugh... that is *nasty*
>
> Leaving .bash_history was a bit of a schoolboy error though. Lol.
>
> Regards,
>
> Richard.
>
> Wessex Networks
> Linchmere Place
> Ifield
> Crawley
> West Sussex
> RH11 0EX
> www.wessexnetworks.com rjm at wessexnetworks.com
> T: 01293 542080 F: 01293 553849
>
> -----Original Message-----
> From: bnmlist-bounces at brightonnewmedia.org
> [mailto:bnmlist-bounces at brightonnewmedia.org] On Behalf Of Antony Jones
> Sent: 05 November 2007 10:11
> To: Brighton New Media
> Subject: Re: [BNM] hacking...
>
> > You did completely re-install the server, not just fix the hole -
> > presuming you know how they got access in the first place? Once you've
> > been compromised you can't trust that backdoors/rootkits etc haven't
> > been installed. Wipe the machine, re-install, start from scratch.
>
> When it happened to me they forgot to wipe .bash_history, so I just read
> through all the steps they took and examined what their 'rootkit' did.
>
> I too reinstalled though, they'd written over things like netstat and
> /bin/bash with custom versions which were obviously hiding/logging
> things.
>
> Antony Jones
> Developer
>
> Gamesys Limited
> e: antonyj at gamesys.co.uk
> t: 0207 478 8103
> a: 1st Floor, 54-62 Regent Street, LONDON, W1B 5RE
>
> > -----Original Message-----
> > From: bnmlist-bounces at brightonnewmedia.org [mailto:bnmlist-bounces at brightonnewmedia.org]
> > On Behalf Of Jay Caines-Gooby
> > Sent: 05 November 2007 10:04
> > To: Brighton New Media
> > Subject: Re: [BNM] hacking...
> >
> > On 11/4/07, Simon Early <simon.early at gmail.com> wrote:
> > > some time ago we had our main site hacked by some little shit in the USA and
> > > he caused havoc.
> >
> > You did completely re-install the server, not just fix the hole -
> > presuming you know how they got access in the first place? Once you've
> > been compromised you can't trust that backdoors/rootkits etc haven't
> > been installed. Wipe the machine, re-install, start from scratch.
> >
> > Did you store credit card numbers and/or passwords in plaintext in
> > your database? Better inform the relevant customers if so. Better
> > re-set their password also.
> >
> > Was the machine a windows or unix box?
> >
> > --
> > Jay Caines-Gooby
> > jay at gooby.org
> > +44 (0)7956 182625
> > skype: jaygooby
> > gtalk: jaygooby at gmail.com
> > AIM: jaygooby
> > --
> >
> > BNM Subscribe/Unsubscribe:
> > http://www.brightonnewmedia.org/options/bnmlist
> >
> > List jobs for 10 pounds on Sussex Digital. Use promo code bnm10
> > http://jobs.sussexdigital.com/
> >
> > Join BNM on Linkedin - http://www.linkedin.com/e/gis/23805/5841CA3F0360
> >
> > BNM powered by Wessex Networks:
> > http://www.wessexnetworks.com