TeeJay

Serious Security Issue

Let me just say that whatever has happened to this member, it has not come from this forum. Our servers are very well protected and there is only 1 person with access to them, and that's me. Several different scans are performed every day to prevent anything from happening. (Rootkithunter, CHKROOTKIT, nobody-scan, etc.) We have a solid brute-force protection system in place + anybody trying to get access to any vital areas who doesn't know the username/password will be locked out by our firewall after 5 tries. Even if somebody should manage to get access to our system, it won't do them any good. All user passwords are MD5 encrypted. So let me just assure you that you are all safe when you do your daily surfing on RWG.

This post gives me a warm fuzzy feeling all over.

"..........solid brute force protection system in place............" I just wanna run up to Jax and buy an Aviator a beer...................

We got bigger problems than that.

Cornerstone keeps dropping the soap in the office showers.

Ken

It could be worse, imagine the office showers over at RWI. Seanf . . . . . . . . .midgets . . . . . . . . . . monkey butlers . . . . . . . and poor old AHW in the middle of it all. The horror! The horror! :lol:

We avoided this problem over at RWG1.1. When we remodeled the old place we went for a full set of roman baths instead. The attendants have been trained to recognise both Cornerstone and Sean on sight. That's where the rottweilers come into play. Tried to hire Dani's pooch but he wouldn't be in it. Something about corrupting a perfectly good dog.

When the rotties are on their break Alphakarzi's macaw takes over. 'Tis a grand sight swooping amongst the imported marble columns. The cleaners do complain about removing bird crap from the Da Vinci sculptures tho.

Col.

Edited by trailboss


Is this what he meant by cross-eyed crypting? I'm so confused....

Marty_Feldman.jpg

- It's you that is in charge of the soap purchasing, and you buy 'Mr Slippy' every time

Ok now this is not my fault, the guys tell me they need the photos to make homemade cards, you know they just add a few letters and they get....

MoM thinking of you on Mothers day

or

PoP I'm in the shit and need some cash

or even

LoL rbj lol,lol,lol

Ken


Actually, this is f* up...and I am angry at myself at this moment...

Oh and btw, this gets kinda technical....

I used to pride myself that my laptop was very secure, I run Spyware Blaster, Spybot S&D, have an AV and sitting behind a firewall with active UTM-services.

For some reason I went home working yesterday (where I just have a dumb ADSL-router without UTM-services) and this morning when I started my laptop at home everything was just fine, I used Firefox to check my Gmail and some forums where I am a member before going to work...

Strangely enough my IE didn't want to start as it should when I wanted to access my OWA..but I was kinda stressed to work so I didn't care.

When I came to work I fired up (!) Firefox again, and - lo and behold! - it didn't connect saying the proxy didn't answer....hmmm..

I don't use a proxy for Firefox so I checked the settings and sure enough, it pointed to 127.0.0.1 with port 445/tcp.

Now this is really strange since 445/tcp is used by Windows for filesharing (if you look this up in a portlist this will be called DirectService, which is a SMB-server listening to TCP/IP) and shouldn't be able to bind anything else.

So I ran Spybot S&D and got a spyware hit...which wasn't there yesterday. I googled it up (and I was so upset that I forgot to write down the name of it...) and this was a quite nasty one, but thank God, it seems to have been stopped partially by my Spyware-blaster that sets killbits for ActiveX components.

So from now on I will be doing scans every freaking single day and run my Firefox in a Sandbox-environment.

Here are some good links for you guys:

Spyware Blaster (think this was the one that stopped the spyware from installing itself more than it did)

http://www.javacoolsoftware.com/spywareblaster.html

Spybot S&D

http://www.safer-networking.org/index2.html

SandboxIE (run your webbrowser in a Sandbox-environment, ie. everything that is changed in your system, save to files etc. is only "virtually" saved and will be gone when you exit the browser)

http://www.sandboxie.com/
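
A check for the symptom described in the post above, as an added example that is not part of the original post: it reads the `network.proxy.*` entries of a Firefox `prefs.js` and flags a manual proxy that points at the loopback address. The sample profile text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Matches e.g.: user_pref("network.proxy.http_port", 445);
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);\s*$')
# Ports owned by Windows services, not by a local proxy (445/tcp is SMB).
WINDOWS_SERVICE_PORTS = {135, 139, 445}

# Constructed sample of a tampered profile, matching the symptom in the post.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 445);
'''

def parse_proxy_prefs(text):
    """Return the network.proxy.* preferences from prefs.js text as a dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2).strip()
            # Quoted values are strings, bare digits are integers.
            prefs[m.group(1)] = raw[1:-1] if raw.startswith('"') else (
                int(raw) if raw.isdigit() else raw)
    return prefs

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost

def audit_proxy(prefs):
    """Flag manual proxy entries that point back at this machine."""
    findings = []
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        return findings
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}", "")
        port = prefs.get(f"network.proxy.{scheme}_port", 0)
        if host and is_loopback(host):
            odd = port in WINDOWS_SERVICE_PORTS
            findings.append((scheme, host, port, "service-port" if odd else "loopback"))
    return findings

if __name__ == "__main__":
    print(audit_proxy(parse_proxy_prefs(SAMPLE_PREFS)))
```

A loopback proxy is also what some legitimate local tools configure, so a finding is a prompt to identify the process listening on that port rather than proof of infection.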


Thx for the sandbox hint wiseman, I will try this

Our servers are very well protected and there is only 1 person with access to them, and that's me.

Heartening to know this. Hope we have a forum continuity plan in place :p


I've read between the lines and now have a plausible explanation for you.

The member got a phishing mail that said their account was hacked. They clicked on the link and got pwned.

Sound likely? I'll bet cold hard cash that's what happened.

I've read between the lines and now have a plausible explanation for you.

The member got a phishing mail that said their account was hacked. They clicked on the link and got pwned.

Sound likely? I'll bet cold hard cash that's what happened.

After reading everything this sounds like the most plausible explanation

