Slashdot Mirror

← Back to Stories (view on slashdot.org)

We've Been Hacked... or Have We?

Posted by Cliff on from the better-security-fu-requested dept.

hidden_fire asks: "I recently got a job as a Web Programmer at a web company that hosts many sites. The company had many badly firewalled Windows and Linux servers without any security patches, and a shared administrator password. I warned them that they needed to improve their security, but was ignored until a hacker kindly emailed them proof that their credit-card server was compromised, and the Sasser Worm took us offline. Now, I've been allowed to rebuild the compromised box and tighten our firewalling, but our other servers show many signs of possibly being compromised including unexplained outgoing traffic, a Linux kernel lockup, strange ports being open, and performance issues. I think we are possibly providing hosting for undetectable spammers but the boss thinks I'm paranoid, and says that I need to be working on paying work, not security. Has anybody else been in this situation? How can I detect these guys if their tools don't show in virus scans?"

2 of 65 comments (clear)

  1. firost psot by TheMysteriousFuture · · Score: -1, Offtopic

    firost psot

    --
    .sig
  2. Undetectable spammers by DaoudaW · · Score: -1, Offtopic

    Meanwhile, the average Internet surfer is left with few options. Besides choosing the highest security settings for Internet Explorer, Windows users could download an alternate browser, such as Mozilla or Opera. Mac users are not in danger. Are you married to IE or what???