Server Update

DROliver · #1 Postby **DROliver** » Thu Apr 01, 2004 12:34 pm

Last around 2:00am the server went down.It was not a hack attempt,just indirectly related to our recent attacks.I posted before that this could or will happen for the next week or so.Because we are live it is taking longer to get the new OS they way we like it.So please bare with us,as we are working to keep Storm2k up and running.

All security measures are in place and tested.We are as secure as we can be.Although our security measures did not fail us during the attacks,I did.Our security protocol is to have telnet shut down and monitoring software installed.I had a very basic monitor on the system and I had left telenet open after working on a software upgrade.I had no idea that we were being "sniffed"

Investigation Report:

We had 3 attacks all 3 used the FTP port(sniffers) to get user names and passwords from domain owners on the server.2 attacks used a brute force program to gain access to all passwords on the server including all members of storm2k.1 attack vandalized files on NHCWX and Usweatherwatchers and changed permissions for root on all other accounts.All 3 attacks used Telnet to gain access to the server.on March 28th 2 IP(intruders) tried to gain access to the file they left on the fist attack.(This was a setup)It confirmed the IP's and they have been traced.The offending IP's come from Lithuania and they have been blocked from the server and datacenter.The intruder who vandalized file systems is still being pursued and we could be close to an arrest in a few days.As for the Lithuania hackers,at this time all we can do is monitor and block them.(they have done this to hurdreds of servers in many datcenters in the U.S.)They have never caused damage,but they steal passwords and what they do with them it is hard to tell.

Again I am sorry for the outages.We should be 100% within the week.

Remember to change your passwords!!

Thank you,

Steve O.

#2 Postby **Stephanie** » Thu Apr 01, 2004 12:41 pm

Thanks for the update Steve. I remember in your earlier post you had mentioned that these outages may occur as the server gets back to normal.

#3 Postby **cycloneye** » Thu Apr 01, 2004 12:51 pm

WOW LITHUANIA.Thanks Steve for all the work that you are doing to keep storm2k running against those wackos.

DROliver · #4 Postby **DROliver** » Thu Apr 01, 2004 12:56 pm

Also if you have been experiencing times where you can access Hurricane Hollow or Usweatherwatchers and not Storm2k please reply and leave the following info:

ISP
connection(dial-up,dsl,cable or satellite)
Browser(IE ,netscape,other)
Times this occurs

Thanks,

Steve O.

Lindaloo · #5 Postby **Lindaloo** » Thu Apr 01, 2004 12:56 pm

So glad you are getting to the bottom of the attacks Steve!! Thanks so much for the update and all you do for S2K.

therock1811 · #6 Postby **therock1811** » Thu Apr 01, 2004 6:08 pm

You warned us...thanks again for all you do!!

HurricaneGirl · #7 Postby **HurricaneGirl** » Thu Apr 01, 2004 7:30 pm

Holy Crap! :eek:

mf_dolphin · #8 Postby **mf_dolphin** » Thu Apr 01, 2004 9:08 pm

Steve has done a tremendous job with the hacker response. Thanks to you Steve for all the hard work! :-)

Rainband · #9 Postby **Rainband** » Fri Apr 02, 2004 10:51 am

I echo the above comments. Thanks Steve

We appreciate everything :wink:

breeze · #10 Postby **breeze** » Fri Apr 02, 2004 5:37 pm

Thanks, Steve, for updating us! I changed
my password, and, the post-it note on my
desk reminds me, "Remember, dummy -
you changed your S2K password"! :lol:

#11 Postby **coriolis** » Fri Apr 02, 2004 7:22 pm

I'm glad this was resolved. And no, I don't want the U.N. running the internet, thank you very much.

Server Update

Server Update

Who is online