I think there is work in progress on developing something to help this. This site is still early in the game. @addie probably has the best info on it.
Posts made by FiyaFly
-
RE: Layout Feedback
-
RE: So Many Beers. So Little Time......
@Bill-Kindle I'm just right up in Michigan. Ain't but a hop, skip, and jump away. I might have to consider a road trip at some time.
-
RE: If you are new drop in say hello and introduce yourself please!
@MisterVertigo Sounds like you're on par with the rest of us with your job. Welcome to a place where your woes will be heard and your questions answered!
-
RE: So Many Beers. So Little Time......
I'll have to log that one in the back of my head to check out in a couple months lol
-
RE: If you are new drop in say hello and introduce yourself please!
@RAM. I was wondering if we'd see you here!
-
RE: Mind Blowing 50 Cent Microscope
Nice! Yeah, TED talks can really lead you to some amazing things. Reminds me of the one I saw about transferring data via the lightbulbs in our house to wifi devices using more of the light spectrum. I'll have to find the link to that.
-
RE: NTG's YOC (York Operations Center) lab rack is beginning to take shape... again.
Can't wait for it to be up and running. Then we'll get to flex our muscles (pronounced "Muss kulls" for effect) on some of these projects I've been looking at.
-
RE: If you are new drop in say hello and introduce yourself please!
I'm a little late to the party, but I'm Joe. I am going to start posting more often, I've just had a lot on my plate. My life knows nothing besides work and the rare sleep every now and again lol. Coffee, Monster, Caffeine IV. The works.
-
"Did you know that your website is down?"
Yesterday, at about 4pm EST, one of our engineers at NTG was notified by a client that our website was inaccessible. After some tests from several locations, we found he was right: all that came up was a blank page. So three of us dive into vSphere and jump into a Lync conference call with a screen share to determine what is happening. We jump into console access to the server and start digging into the files that are our website. The first bunch of lines is just one huge block of garbled text. After scrolling a little lower, we run into a line that states '//Silence is Golden.' Yup, we got hacked.
We pull out this text and keep going to see the extent of the damage. 'Sheesh, the site is running slow. What is going on in here?' After doing some looking, we realize that there are over 36 thousand emails queued to be sent out, just sending back rejection errors due to being flagged as spam. Okay, time to do some rollbacks. What all is on here?
A database for the hosting, apparently. Since databases don't really play well with external backups, we do some file-level restores on our sites, disable postfix, and write up the problems to be looked at when we have the authority to do a full-scale bare-metal restore after backing up that database. How far back can we go?
Unitrends has been passed through several hands and setups over time by the time we got here. We can't find a solid retention policy and have difficulty finding a decent backup. We can go as far back as a month, so that is what we do. We look back into some of the files for our website and there are traces of the infection being already in there. Luckily, we do not store sensitive data there, nor do we ask for sensitive data there, so nothing was ever compromised on that end.
In conclusion, we had a website that had been compromised for a little while, a server acting as a spambot, questionable backups, and a large headache. Let this serve as a warning to us all on what happens when you think you can just set it and forget it. Do not forget to give your machines and servers a once-over every once in a while.