[Dshield] What passes for a server admin

M. Shirk shirkdog_list at hotmail.com
Tue Mar 29 17:59:24 GMT 2005


I hope they actually rebuilt the system. Look at this suspect quote from the 
posting:

"I am backing up my stuff getting ready for an OS reload but I hope SB can 
help me lock down my box before they cause damage and before I can get to 
the point where I am ready for an OS reload."


Shirkdog
http://www.shirkdog.us



>From: "Johannes B. Ullrich" <jullrich at euclidian.com>
>Reply-To: General DShield Discussion List <list at lists.dshield.org>
>To: General DShield Discussion List <list at lists.dshield.org>
>Subject: Re: [Dshield] What passes for a server admin
>Date: Mon, 28 Mar 2005 10:22:48 -0500
>
>
>Sad indeed :-(. He mentions that he asked ServerBeach (the ISP) for help. I 
>don 't know them (ServerBeach), so I am not sure how they will respond. In 
>most cases I would hope they will at least disconnect the system from the 
>outside. From the sound of the message, it looks like the system is rooted. 
>I don't expect that anything other then a rebuild from scratch will help. 
>Most colocation facilities like ServerBeach will give you the option to 
>hire someone by the hour to cleanup a system like that, or to rebuild it. 
>But a good cleanup would be very time consuming (if possible at all).
>
>
>
>jayjwa wrote:
>>
>>I ran into this article while I was looking for something else. It 
>>describes an admin talking to a forum of other server admins about getting 
>>hacked. The guy has absolutely no clue what he's doing; he's confirmed 
>>rooted, and scanning other servers, yet never does it occure to him to 
>>pull the plug on the thing. All he says to the other admins is 'sorry if 
>>my box is attacking yours'. Check out this article to see why there are so 
>>many hacked servers on the 'Net today:
>>
>>
>>http://forums.serverbeach.com/archive/index.php/t-2163.html
>>
>>
>
><< signature.asc >>
>-------------- Sponsor Message ------------------------------------
>Join us at SANSFIRE 2005 in Atlanta!
>The Internet Storm Center Conference.
>Details: http://www.sans.org/sansfire2005
>
>_______________________________________________
>send all posts to list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/




More information about the list mailing list