There was a real hacking case happened lately would like to share here. A company network & Internet access was very slow since early of last week. So a party went in troubleshoot the problem on last 2 days ago.
After detail checking, the party found out the culprit was one of new servers was generating massive of traffics around 15k+ sessions to various of external IP addresses.
The party found out it was hacked and installed with Rootkits. For your information, the rootkits installed were RHV4 and RHV5 (if you understand what I mean here). Possibly based on the indirect backdoors below:
1) The access list was not used (anyone can access from anywhere).
2) Administrator via remote access was enabled (the hacker can do anything using root access).
3) The administrator & other users password set was also too simple.
4) Personal firewall policies are configured, but there was no source and destination IP address defined.
Hacking nowadays are to generate income.
Later the party found out it was caused by the server implementer. What? The implementer shouldn't be professional as what it supposed to be?
So why the backdoors were created? Are the implementers doesn't understand what they are doing? Are they lack of responsibility of not double checking her works? Are they not following the rules while others are? This case is embarrassing the implementer and the implementer's company, in terms of professional.
It taught us a lesson here. We need to check the system ourselves, instead of trusting it is safe to run and protected, even people tell you it is. Don't bull shit.
And I believe the hacker must have use the server to generate email/web spam income, what a free resource for him/her huh! Damn.
Note: The original post content is edited as what it is suppose to be. I believe I've learned another lesson today of what should be posted and what should be not. ;)
Posts
No comments:
Post a Comment