The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: [OT] - HELP PLEASE we've been hacked.


  • Subject: Re: [OT] - HELP PLEASE we've been hacked.
  • From: "Chris Bond" <chris@xxxxxxxxxxxx>
  • Date: Tue, 13 Apr 2004 13:29:50 -0000

When you get a comprimised server like that you really shouldnt
relay on patching it up as all it requires is something left by
accident and your buggered again if they get in.

Make sure your completley up2date with windows update, run baseline
analyser on it.

Secure down your policies, permissions, etc etc.

--- In ukha_d@xxxxxxx, "Alex Monaghan" <ha@m...> wrote:
> Reformatting is the safest option !
>
> You may be able to undo the hack, but can you be certain you can
find any
> additional backdoor they may have installed ?
>
> Try googling for the hacker's name or other keywords in the
message, there
> may be a simple fix.
>
> > -----Original Message-----
> > From: Dean Barrett [mailto:dean@r...]
> > Sent: Tuesday, April 13, 2004 2:10 PM
> > To: ukha_d@xxxxxxx
> > Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
> >
> >   I appreciated your laughter - but was looking for something
> > a little more constructive...
> >
> >   Surely formating is not the only solution - i assume my IIS
> > security patches were not upto date. - looking for
> > suggestions to remove without formatting preferably.
> >
> >   Oh and without having to resort to paying people :)
> >
> >
> >
> >   Dean.
> >
> >
> >    -----Original Message-----
> >   From: Chris Bond [mailto:chris@l...]
> >   Sent: 13 April 2004 14:04
> >   To: ukha_d@xxxxxxx
> >   Subject: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
> >
> >
> >   --- In ukha_d@xxxxxxx, "Dean Barrett"
<dean@r...>
wrote:
> >   > This is a first for me - our public facing server seems to
have
> >   been hacked.
> >   >
> >   > We use a couple of ports for CCTV & CBus, but dont use
the
default
> >   80 so
> >   > i've only just noticed this !!
> >
> >   > What the f*** - it seems to have stopped IIS running.. But
i
cant
> >   find a
> >   > process to stop that may be it.
> >   >
> >   > Any help appreciated - cant imagine what else is going
on....
> >
> >   ROFLOL - you've got a nice warez group on ya server.  I
seriously
> >   suggest you pull the server and format it and SECURE it up
before
> >   you connect it again.
> >
> >   If you require help securing it up i can do it but for a
charge =)
> >
> >
> >
> >   UK Home Automation Meet 2004 - BOOK NOW!
> >   http://www.ukha2004.com
> >
> >   http://www.automatedhome.co.uk
> >
> >   Member Offers - http://www.freeranger.co.uk/ukha
> >
> >
> >         Yahoo! Groups Sponsor
> >               ADVERTISEMENT
> >
> >
> >
> >
> >
> > --------------------------------------------------------------
> > --------------
> > --
> >   Yahoo! Groups Links
> >
> >     a.. To visit your group on the web, go to:
> >     http://groups.yahoo.com/group/ukha_d/
> >
> >     b.. To unsubscribe from this group, send an email to:
> >     ukha_d-unsubscribe@xxxxxxx
> >
> >     c.. Your use of Yahoo! Groups is subject to the Yahoo!
> > Terms of Service.
> >
> >
> >
> > [Non-text portions of this message have been removed]
> >
> >
> >
> > UK Home Automation Meet 2004 - BOOK NOW!
> > http://www.ukha2004.com
> >
> > http://www.automatedhome.co.uk
> >
> > Member Offers - http://www.freeranger.co.uk/ukha
Yahoo! Groups
Links
> >
> >
> >
> >
> >
> >



UK Home Automation Meet 2004 - BOOK NOW!
http://www.ukha2004.com

http://www.automatedhome.co.uk

Member Offers - http://www.freeranger.co.uk/ukha

UKHA_D Main Index | UKHA_D Thread Index | UKHA_D Home | Archives Home

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.