RE: Re: [OT] - HELP PLEASE we've been hacked.

["Dean Barrett" <dean@xxxxxxxxx>]

What ports do you allow through your firewall?

Only ports open are 80 and a couple of odd ones we use for CCTV and CBus.

>   Oh and without having to resort to paying people :)

Err, it sounds like you _need_ to pay someone if you don't want this to be
repeated.

One of the joys of this list is the sharing of advice rather than paying
for
it :)



Dean.






Try our amazing lighting demonstration online now, and watch in
realtime via our webcam. Click below and follow the CBus links.
www.rolec.net
dean@xxxxxxx
Tel: 01908-210677
Fax: 01908-210678
The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it by
anyone else is unauthorised. Any views or opinions presented are solely
those of the author and do not necessarily represent those of The Rolec
Group or any of its affiliates. If you are not the intended recipient
please
contact wrongmail@xxxxxxx

-----Original Message-----
From: Des Gibbons [mailto:des@xxxxxxx]
Sent: 13 April 2004 14:30
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.


If you know what they have done to the server, then you can just undo
that,
secure up, and continue on. But, as you have no idea what they have
installed on your server, or other machines on your network, you _will_
need
to re-install the server OS from known good media.

What ports do you allow through your firewall?

>   Oh and without having to resort to paying people :)

Err, it sounds like you _need_ to pay someone if you don't want this to be
repeated.

Cheers, Des.

> -----Original Message-----
> From: Dean Barrett [mailto:dean@xxxxxxx]
> Sent: Tuesday, April 13, 2004 14:10
> To: ukha_d@xxxxxxx
> Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
>
>
>   I appreciated your laughter - but was looking for something a
> little more
> constructive...
>
>   Surely formating is not the only solution - i assume my IIS security
> patches were not upto date. - looking for suggestions to remove
without
> formatting preferably.
>
>   Oh and without having to resort to paying people :)
>
>
>
>   Dean.
>
>
>    -----Original Message-----
>   From: Chris Bond [mailto:chris@xxxxxxx]
>   Sent: 13 April 2004 14:04
>   To: ukha_d@xxxxxxx
>   Subject: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
>
>
>   --- In ukha_d@xxxxxxx, "Dean Barrett" <dean@r...>
wrote:
>   > This is a first for me - our public facing server seems to have
>   been hacked.
>   >
>   > We use a couple of ports for CCTV & CBus, but dont use the
default
>   80 so
>   > i've only just noticed this !!
>
>   > What the f*** - it seems to have stopped IIS running.. But i
cant
>   find a
>   > process to stop that may be it.
>   >
>   > Any help appreciated - cant imagine what else is going on....
>
>   ROFLOL - you've got a nice warez group on ya server.  I seriously
>   suggest you pull the server and format it and SECURE it up before
>   you connect it again.
>
>   If you require help securing it up i can do it but for a charge =)
>
>
>
>   UK Home Automation Meet 2004 - BOOK NOW!
>   http://www.ukha2004.com
>
>   http://www.automatedhome.co.uk
>
>   Member Offers - http://www.freeranger.co.uk/ukha
>
>
>         Yahoo! Groups Sponsor
>               ADVERTISEMENT
>
>
>
>
>
> ------------------------------------------------------------------
> ----------
> --
>   Yahoo! Groups Links
>
>     a.. To visit your group on the web, go to:
>     http://groups.yahoo.com/group/ukha_d/
>
>     b.. To unsubscribe from this group, send an email to:
>     ukha_d-unsubscribe@xxxxxxx
>
>     c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms
> of Service.
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
> UK Home Automation Meet 2004 - BOOK NOW!
> http://www.ukha2004.com
>
> http://www.automatedhome.co.uk
>
> Member Offers - http://www.freeranger.co.uk/ukha
> Yahoo! Groups Links
>
>
>
>



UK Home Automation Meet 2004 - BOOK NOW!
http://www.ukha2004.com

http://www.automatedhome.co.uk

Member Offers - http://www.freeranger.co.uk/ukha