[_] the worst morning of my life!!!
Sam Mignano - Analyst
sam at beyondmetrix.com
Fri Sep 29 16:01:29 BST 2006
I am only going on what Rackspace told me - so no idea yet what s/he was
running and why as they are still looking in to it.
My servers are managed by Rackspace and patches are applied to all
things as they come out - but between us and them we must have missed
something somewhere obviously.
I was just wondering if anyone on list had ever tried to get the police
on to it.
-----Original Message-----
From: underscore-bounces at under-score.org.uk
[mailto:underscore-bounces at under-score.org.uk] On Behalf Of Steve Roome
Sent: 29 September 2006 15:44
To: underscore at under-score.org.uk
Subject: Re: [_] the worst morning of my life!!!
On Fri, Sep 29, 2006 at 03:34:31PM +0100, Sam Mignano - Analyst wrote:
> Anyway - my question is - has anyone ever reported such things to the
> police - or am I being naive here.
You might get a crime reference number. It won't help with your
customers though.
Use this as a good starting point to think about better security, also
how do you know it was an apache exploit and what was s/he running getty
for (do you mean a replaced getty, or just one used to log in through)?
Everyone gets hacked at some point, I tend to actually ask people to
hack my servers and find the problems before a random script kiddie does
it, but you need to know people who can do that sort of thing properly -
and actually able to test your security rather than just show that
they're not very good hackers.
Anyway, I'm guessing it was linux, was it particularly out of date, or
were you just incredibly unlucky?
Steve
--
underscore_ list info/archive -> http://www.under-score.org.uk
running and why as they are still looking in to it.
My servers are managed by Rackspace and patches are applied to all
things as they come out - but between us and them we must have missed
something somewhere obviously.
I was just wondering if anyone on list had ever tried to get the police
on to it.
-----Original Message-----
From: underscore-bounces at under-score.org.uk
[mailto:underscore-bounces at under-score.org.uk] On Behalf Of Steve Roome
Sent: 29 September 2006 15:44
To: underscore at under-score.org.uk
Subject: Re: [_] the worst morning of my life!!!
On Fri, Sep 29, 2006 at 03:34:31PM +0100, Sam Mignano - Analyst wrote:
> Anyway - my question is - has anyone ever reported such things to the
> police - or am I being naive here.
You might get a crime reference number. It won't help with your
customers though.
Use this as a good starting point to think about better security, also
how do you know it was an apache exploit and what was s/he running getty
for (do you mean a replaced getty, or just one used to log in through)?
Everyone gets hacked at some point, I tend to actually ask people to
hack my servers and find the problems before a random script kiddie does
it, but you need to know people who can do that sort of thing properly -
and actually able to test your security rather than just show that
they're not very good hackers.
Anyway, I'm guessing it was linux, was it particularly out of date, or
were you just incredibly unlucky?
Steve
--
underscore_ list info/archive -> http://www.under-score.org.uk