The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024



RE: Re: [OT] - HELP PLEASE we've been hacked.


  • Subject: RE: Re: [OT] - HELP PLEASE we've been hacked.
  • From: "Dean Barrett" <dean@xxxxxxxxxxxxxxxx>
  • Date: Tue, 13 Apr 2004 19:04:00 +0100

Hi Paul

Don't understand the finer details or how they did it.

But by chance today I was updating my CBus Homegate pages and forgot to type
in the port number and to my surprise there was this thing informing me I'd
been hacked...

On the particular PC I run Geovision server on a specific port, CBus
Homegate server on another port. And had left the default IIS server running
though nothing was set up to work with port 80.

As it turns out I suppose if I'd left IIS off then this problem would not
have occurred. I find it amazing that they were able to access the machine
and turn off IIS and install their own server...

I would be grateful for someone to explain HOW they did it?



Dean.


-----Original Message-----
From: Paul Gale [mailto:groups@xxxxxxx]
Sent: 13 April 2004 17:08
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.

Dean - was this hacked server running on the IIS FTP server, or its own app?

How did you find it?

Paul.



> -----Original Message-----
> From: Dean Barrett [mailto:dean@xxxxxxx]
> Sent: 13 April 2004 16:59
> To: ukha_d@xxxxxxx
> Subject: RE: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
>
> Thanks for that Mark.
>
> It wasn't Chris's advice particularly it was the ROFLOL - something I didn't
> really need to know !!!
>
> Yes it looks like formatting might be the only approach which is a pain in
> the arse but fine - if it's what I have to do..
>
> My concern is if it is on other machines and I don't know..
>
> I really need to run Windows as both CBus HomeGate and Geovision CCTV run on
> Windows only.
>
> With reference to paying - again if I have to so be it, but we're only a
> little company and everything here is done in house, website etc. etc. and I
> know how much IT bods charge :) - which is why there are so many of them on
> here with fancy toys :)
>
>
>
> Dean.
>
>
>   -----Original Message-----
>   From: Mark Harrison (Yahoo!) [mailto:mph@xxxxxxx]
>   Sent: 13 April 2004 16:40
>   To: ukha_d@xxxxxxx
>   Subject: Re: [ukha_d] Re: [OT] - HELP PLEASE we've been hacked.
>
>
>   >   I appreciated your laughter - but was looking for something a little
>   > more constructive...
>
>   I think that Chris gave good advice.
>
>   >   Surely formatting is not the only solution - I assume my IIS security
>   > patches were not up to date. - looking for suggestions to remove without
>   > formatting preferably.
>
>   Alas, with the nasty hacker types out there, there is no substitute. There
>   WILL be back doors :-(
>
>
>   In my opinion, Chris only went half way. "Format and consider installing a
>   different web server" would have been my recommendation.
>
>   - I do not say this out of some dislike of Microsoft - I think that they
>   write a lot of great software.
>
>   - I do not say this out of some geek-like desire to only use free software -
>   I think that non-free (as in costs money) has its place, and that non-free
>   (as in Open Source) has its place.
>
>   - I do not say this because ANY web server is bug-free and exploit-free - I
>   can only think of one piece of code that I _trust_ to be bug-free, and
>   that's the core from the Inmos T8000. [bonus points to anyone who can tell
>   me WHY I make that claim.]
>
>   The Microsoft web product set suffers from one fundamental design flaw - I
>   am hard pressed to think of a single high-profile (on a global scale) site
>   that uses it, with the exception of sites where Microsoft has committed
>   significant development funding.
>
>   If your webserver is primarily static HTML, then moving away from IIS to
>   something like Apache would be straightforward.
>
>   If your webserver is more complex, and relies on backend databases, then
>   migration would, obviously, be much more complex.
>
>   >   Oh and without having to resort to paying people :)
>
>   No problem - continue to ask away here. Of course, if you do decide you have
>   budget... :-)
>
>   Regards,
>
>   M.
>
>
>
>   UK Home Automation Meet 2004 - BOOK NOW!
>   http://www.ukha2004.com
>
>   http://www.automatedhome.co.uk
>
>   Member Offers - http://www.freeranger.co.uk/ukha