I was hacked. Now what?

 
Smitty

 

Posts: 221
From: Anaheim, Ca. USA
Status: offline

 
I was hacked. Now what? - 12/6/2001 23:34:55   
It would appear that on or about 11/25 my site was infected with the W32.Nimda virus. While I am still working on getting things back in order, I came across some files.

The question is:

1. Now What?
2. Someone put some "Friends" episodes on my computer. They are gone now.
3. What is a good way to prevent this or minimize this from happening again?
4. There was a Tagged and logged File folder, does that mean others know the way into my system?

Any help or suggestions while I rebuild would be a big help. Windows 2000 Advanced Server. DSL router doing port translation, 2000 SQL Server.

Thanks



John A. Smith
Chief cook and Bottle Washer: sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" You're probably not him.
Rian

 

Posts: 1960
From: Lincoln, Nebraska USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 0:45:42   
Yikes!

From CERT

"The only safe way to recover from the system compromise is to format the system drive(s) and reinstall the system software from trusted media (such as vendor-supplied CD-ROM). Additionally, after the software is reinstalled, all vendor-supplied security patches must be applied. The recommended time to do this is while the system is not connected to any network. However, if sufficient care is taken to disable all server network services, then the patches can be downloaded from the Internet."

http://www.cert.org/advisories/CA-2001-26.html

And here...

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/Nimda.asp

You should find all the information you need in these links...

Good luck!

Rian

"Designing The Future"
SR Web Creators
www.srwebcreators.com

"What boots up must come down..."

(in reply to Smitty)
caywind

 

Posts: 1479
From: USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 3:06:51   
Where's the rollback? Backup? Redundant servers! Remember, in networks almost everything comes in twos. That means backups and planning for every contingency. The network must be up. Not trying to sound almighty here, I learned this one the hard way too.

hey, need a break? http://webpages.charter.net/cwind/SSGallery/indexFP.htm

(in reply to Smitty)
caywind

 

Posts: 1479
From: USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 3:12:25   
Didn't Nimda create its own mail server and propagate that way? If you're connected to the network you should take precautions. I think it was Nimda that also spread via unprotected shared network folders.

hey, need a break? http://webpages.charter.net/cwind/SSGallery/indexFP.htm

(in reply to Smitty)
Smitty

 

Posts: 221
From: Anaheim, Ca. USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 16:26:43   
I have 3 computers on my network. I am using port translation on my DSL router. The only port open is port 80 for the web server.

What software aside from the patches can I use to monitor for attacks or intrusion?

I'm not sure how they got past the port translation to place files onto the computer in the first place.

I feel pretty open, when I read this was a good firewall method. Yes, I know nothing is perfect, but what else should I do?

Thanks for the help. This weekend is the re-format and reinstall.



John A. Smith
Chief cook and Bottle Washer: sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" You're probably not him.

(in reply to Smitty)
PBailey

 

Posts: 907
From: San Antonio, Texas USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 17:12:53   
Smitty,
The DSL router will give you protection but it won't protect against a virus that comes in through e-mail. You need to keep your virus protection current and run full scans on a regular basis besides loading the patches.

You also might want to run one or two of the free open port checks available on the web and see if 80 is really the only port open. (After you get it cleaned up).

Definitely read the links Rian sent and Norton has good information at:
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Paula

 

(in reply to Smitty)
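A scripted version of the open-port check suggested above, as an added example that is not part of the original posts. It probes a short list of TCP ports that a Windows 2000 server running IIS and SQL Server commonly exposes (the port list, function names and script name are assumptions of this example) and reports anything reachable other than port 80; run it from a machine outside the router against your own public address.

```python
import socket
import sys

# Assumption of this example: TCP services a Windows 2000 server running
# IIS and SQL Server commonly exposes.
COMMON_PORTS = {
    21: "FTP", 25: "SMTP", 80: "HTTP", 135: "RPC endpoint mapper",
    139: "NetBIOS session", 443: "HTTPS", 445: "SMB file sharing",
    1433: "SQL Server", 3389: "Terminal Services",
}
EXPECTED_OPEN = {80}  # the thread's setup: only the web server is published


def probe(host, port, timeout=1.0):
    """Return True if a full TCP connection to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit(host, ports, expected=EXPECTED_OPEN, timeout=1.0):
    """Compare the ports that answer with the ports that should answer."""
    ports, expected = set(ports), set(expected)
    open_ports = {p for p in ports if probe(host, p, timeout)}
    return {
        "open": sorted(open_ports),
        "unexpected": sorted(open_ports - expected),
        "missing": sorted((expected & ports) - open_ports),
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <your-own-public-address>")
    result = audit(sys.argv[1], COMMON_PORTS)
    for p in result["open"]:
        flag = "UNEXPECTED" if p in result["unexpected"] else "expected"
        print(f"{p:>5} {COMMON_PORTS[p]:<20} open ({flag})")
    for p in result["missing"]:
        print(f"{p:>5} {COMMON_PORTS[p]:<20} not reachable")
    sys.exit(1 if result["unexpected"] else 0)
```

A clean result only shows which services are reachable; as Rian's reply in this thread points out, Nimda came in through port 80 itself, so the check complements patching and does not replace it.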
Rian

 

Posts: 1960
From: Lincoln, Nebraska USA
Status: offline

 
RE: I was hacked. Now what? - 12/7/2001 23:02:06   
Hi John,

Here are 3 tools you should have for your server:
1) URLScan Security Tool
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/URLscan.asp

2) IIS Lockdown Tool
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp

3) HFNetChk
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp

Your DSL router doing NAT (Network Address Translation) will do nothing to stop NIMDA! It infects your server through port 80 that you opened to the Internet. Your server was missing a critical patch and virtually no firewall would have prevented your server from getting infected.

Last I checked, an unpatched IIS server lasted on average about 90 seconds exposed to the internet before another infected server scanned and infected it.

MAKE SURE YOU ALWAYS STAY CURRENT ON ALL PATCHES!!! And get them before you take your server online!!

NAT on DSL is NOT a firewall. NAT is just one part of what makes up a secure firewall.
Read this for the limitations of NAT.
Does NAT keep out the bad guys?
http://www.extremetech.com/article/0,3396,s%253D1032%2526a%253D12470,00.asp

Hope this helps!

Rian

"Designing The Future"
SR Web Creators
www.srwebcreators.com

"What boots up must come down..."

(in reply to Smitty)
Smitty

 

Posts: 221
From: Anaheim, Ca. USA
Status: offline

 
RE: I was hacked. Now what? - 12/8/2001 0:46:58   
Thanks for all the help.

Just when I thought I had a handle on getting my web site up and functioning. Well the learning curve will be a circle when I get done.

John A. Smith
Chief cook and Bottle Washer: sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" You're probably not him.

(in reply to Smitty)
Smitty

 

Posts: 221
From: Anaheim, Ca. USA
Status: offline

 
RE: I was hacked. Now what? - 12/8/2001 10:07:44   
All,

I have purchased Norton and McAfee antivirus, latest and greatest versions. One problem: they don't work on 2000 Servers. I am looking for network antivirus software. Any ideas? I found something from Panda; they have a free trial, so I got it.

What would you recommend?

All of the network software not only is over $300.00, but the salespeople don't appear interested in such a small sale. Trying to get a call back or e-mail response is a joke: one week.

Thanks

John A. Smith
Chief cook and Bottle Washer: sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" You're probably not him.

(in reply to Smitty)
sarge

 

Posts: 377
From: London England
Status: offline

 
RE: I was hacked. Now what? - 12/8/2001 22:09:07   
ooooohh!
All of this just gives me a great big headache. I wouldn't know if I've been hit by a virus, or if it's just one of those inexplicable 'things' that cause inexplicable delays etc. I can't believe that I'm just the lucky one that has escaped all this virus stuff. I'm probably suffering now from downgraded performance or whathaveyou, but I wouldn't know the difference.
I just wish that there was a beautifully engineered piece of software that I could point at my machine and say "Go boy... KILL".
..And as for the 'authors' of those viruses? Well, I think that they have all the charisma of a cowpat. Their efforts can be equated with the anonymous authors that leave their anonymous drivel on lavatory walls. They are not clever. They are sad little people who revel in vandalism. Do they really think that this leaves their mark upon history.. or what?
Can these despicable little insects not be traced?
Can the ISPs not get together to form some sort of alliance to stamp on them?
Can there be a UN agreement on the death penalty for them?
Oh well - it's 3 am in the UK, and I've downed two bottles of beaujolais..
g'nite
Sarge


 

(in reply to Smitty)
Rian

 

Posts: 1960
From: Lincoln, Nebraska USA
Status: offline

 
RE: I was hacked. Now what? - 12/9/2001 3:14:47   
quote:

Can these despicable little insects not be traced?



Here you go sarge!

http://www.foxnews.com/story/0,2933,40427,00.html

JERUSALEM — Four Israeli teens confessed Saturday to writing and spreading the "Goner" computer worm that attacked computers worldwide this month, according to police.

The teens, ages 15 and 16, are high school students in the northern city of Nahariya, said Meir Zohar, head of the police computer crime squad.

One of the teens confessed to writing the worm and the other youths confessed to spreading it, Zohar said. All four are in custody and could face between three and five years in jail if convicted.


Rian

"Designing The Future"
SR Web Creators
www.srwebcreators.com

"What boots up must come down..."

(in reply to Smitty)
Smitty

 

Posts: 221
From: Anaheim, Ca. USA
Status: offline

 
RE: I was hacked. Now what? - 12/9/2001 22:27:37   
Sweet, I am ever amazed at the length of time people will spend to do something truly stupid and unproductive.

If they were so good, they should be thinking that it's harder to build than to destroy.

What kind of network antivirus would work best? I've spent hours reading and still don't have a good solution that doesn't kill my bank account; from what I've been reading it could run into the thousands.

Thanks

John A. Smith
Chief cook and Bottle Washer: sorryiforgot.com hairschool.org
If you have to ask "Who's the man?" You're probably not him.

(in reply to Smitty)
Rian

 

Posts: 1960
From: Lincoln, Nebraska USA
Status: offline

 
RE: I was hacked. Now what? - 12/10/2001 12:21:05   
Here is a $199.38 solution...

Symantec Norton AntiVirus Corporate Edition V7.6 5-pack
http://www.cdw.com/shop/products/default.asp?EDC=332741

Keep in mind that once you bring "servers" into the picture things can get expensive quickly!

Rian :)

"Designing The Future"
SR Web Creators
www.srwebcreators.com

"What boots up must come down..."

(in reply to Smitty)