We've Been Hacked... or Have We?
hidden_fire asks: "I recently got a job as a Web Programmer at a web company that hosts many sites. The company had many badly firewalled Windows and Linux servers without any security patches, and a shared administrator password. I warned them that they needed to improve their security, but was ignored until a hacker kindly emailed them proof that their credit-card server was compromised, and the Sasser Worm took us offline. Now, I've been allowed to rebuild the compromised box and tighten our firewalling, but our other servers show many signs of possibly being compromised including unexplained outgoing traffic, a Linux kernel lockup, strange ports being open, and performance issues. I think we are possibly providing hosting for undetectable spammers but the boss thinks I'm paranoid, and says that I need to be working on paying work, not security. Has anybody else been in this situation? How can I detect these guys if their tools don't show in virus scans?"
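One way to turn the "strange ports being open" symptom from the post into a repeatable, per-host check, added here as an example and not part of the original thread: the script parses `ss -tlnp` output on a Linux host and reports any listening socket that is not in a baseline of expected listeners, or that is bound by a process other than the one the baseline names. The embedded `ss` output is a constructed sample, and the `EXPECTED` baseline is an assumption for a web host running sshd, Apache and a local MySQL; a real deployment would keep one baseline per server role and run the check from cron, diffing against the previous run.

```python
"""Flag listening sockets that are not in a per-host baseline (added example)."""
import re
import subprocess

# Constructed sample of `ss -tlnp` output; not captured from any real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*          users:(("apache2",pid=1204,fd=4))
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*          users:(("mysqld",pid=990,fd=20))
LISTEN  0       5       0.0.0.0:6667        0.0.0.0:*          users:(("httpd",pid=2231,fd=3))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline for a web host: (bind address, port) -> process expected to own it.
EXPECTED = {
    ("0.0.0.0", 22): "sshd",
    ("::", 22): "sshd",
    ("0.0.0.0", 80): "apache2",
    ("127.0.0.1", 3306): "mysqld",
}

# Matches one LISTEN line: local address:port and the first owning process/pid.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(text):
    """Return a list of dicts (addr, port, proc, pid) for each LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a socket with no visible owner
        listeners.append({
            "addr": m.group("addr").strip("[]"),  # "[::]" -> "::"
            "port": int(m.group("port")),
            "proc": m.group("proc"),
            "pid": int(m.group("pid")),
        })
    return listeners


def find_unexpected(listeners, expected):
    """Return (listener, reason) pairs for sockets outside the baseline."""
    findings = []
    for lst in listeners:
        key = (lst["addr"], lst["port"])
        if key not in expected:
            findings.append((lst, "port not in baseline"))
        elif expected[key] != lst["proc"]:
            findings.append((lst, f"expected process {expected[key]}"))
    return findings


def live_listeners():
    """Collect the real listener table from this host (needs root for pids)."""
    out = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True,
                         check=True).stdout
    return parse_listeners(out)


if __name__ == "__main__":
    # Run against the constructed sample; swap in live_listeners() on a real host.
    for lst, reason in find_unexpected(parse_listeners(SAMPLE_SS_OUTPUT), EXPECTED):
        print(f"{lst['addr']}:{lst['port']} {lst['proc']} (pid {lst['pid']}): {reason}")
```

Two things the check catches that a virus scan does not: a process that has no business listening at all, and a known port owned by a process whose name does not match the baseline (a binary named to look like the web server, for instance). Run it with root so `ss` can show process names, and treat a non-empty report on a host that was already behaving oddly as grounds to pull it off the network and image it rather than to keep investigating live.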
Those were the days. Administrator discovers *one* hacker, catches him, then has enough time to write a book about it before worrying about the next one.
If tits were wings it'd be flying around.
...post the IP address here, and I'm quite certain your worst fears will be so perfectly confirmed that your boss will have no choice but to admit you were right!
--
Don't like it? Respond with words, not karma.
No kidding. Try catching 'em with a teletype on a 9600 baud connection now.
Beauty is in the eye of the beerholder.