Snitz Forums 2000
 Compromised Website

dooza
New Member

69 Posts

Posted - 19 January 2006 : 06:22:49
I have been running 3.4.03 for many years now. The forum was recently moved to a managed Win2K3 server.

Today I found out that my server has been compromised. All my sites were deleted from IIS, the IIS backups were gone, 2 new accounts were there, and one of them was logged in via TS.

My host says we need to reformat, which is fine, but was it the forum that let them in? Should I have upgraded to the latest version?

Any advice would be great.

Cheers,

Steve

Podge
Support Moderator

Ireland
3776 Posts

Posted - 19 January 2006 : 06:45:29
It's very, very doubtful that Snitz was to blame. More than likely they got in via a Windows vulnerability or weak Windows passwords.

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

dooza
New Member

69 Posts

Posted - 19 January 2006 : 07:00:10
Excellent, that's fine then, I just needed to check. The server shouldn't be at risk, the host keeps it up to date and has an excellent firewall. We are about to reformat and start again, I just hope they don't do it again.

HuwR
Forum Admin

United Kingdom
20595 Posts

Posted - 19 January 2006 : 08:00:34
quote:
Originally posted by dooza

The server shouldn't be at risk, the host keeps it up to date and has an excellent firewall.

Can't be that great if someone managed to delete your websites and create new accounts to log in with.

Podge
Support Moderator

Ireland
3776 Posts

Posted - 19 January 2006 : 08:43:45
Is there any indication of what they were up to? Most hackers wouldn't want to delete all the websites in IIS unless they have a grudge against you. Doing that alerts the owner immediately that something is wrong. Hackers usually want to steal your bandwidth by using your server as an FTP or mail server or other such activity, and the idea is to do it without the owner's knowledge.

Podge.


AnonJr
Moderator

United States
5768 Posts

Posted - 19 January 2006 : 08:53:13
quote:
Originally posted by dooza

The server shouldn't be at risk, the host keeps it up to date and has an excellent firewall.


Of course, even the best firewall is no good if the physical security isn't there. The Jan. 16 issue of Information Week featured an article titled "Anatomy Of A Break-In" where the company's servers were compromised in two days. How? The auditors walked in, and got access through a variety of social engineering. And this was a Fortune 500 company.

That's why I love/hate all the reports you see in non-technical news outlets - they forget to mention the human aspect to security. Like a computer firewall is going to prevent a security guard from getting duped by a con artist. But that is an entire topic in itself.
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07