June 21

I learned a lesson today; learn from my mistakes!

About 3:45 this afternoon I got an automatic message that there was a new post on the forum – and it included the text. It was clearly an attack, so I took immediate action to remove both the post and the poster. The irony, of course, is that I review each account before allowing people in – and this poster took the time to complete the information. I had a suspicious feeling, but went ahead and approved the account anyway.

We’ll call that the First Lesson Learned: trust your instincts.

Well, I didn’t get to the board in time, and the hack was successful; we’re currently working now to cordon off the forums and are assessing the damage to the system. However, as we’re walking through the server, we’re noticing several mistakes that I/we have made in hardening our server.

So I have confirmed that even the slightest mistake or oversight gives an attacker with time and patience the opportunity to strike. I’m flattered that someone thought the work we are doing worth investing the time to manually subscribe to the board, pose as a legitimate user and then execute an attack against our forum software.

So what now?

Well, we’re completing our damage assessment. To be honest, we have no clue if anyone has direct access to the server or if this was an attack on the software only. Clearly, we’ll take the forums down for a few days. It’s upsetting since we were just picking up speed; during that time, we’ll be assessing the situation and determining if we continue with the Invision software or move to a different platform. Ideas, comments and suggestions are certainly welcome.

To be on the safe side, we consider the current server to be a total loss. We do make regular backups and will be securing and transitioning to a different server over the coming days… and maybe a bit longer. As usual, this never happens at a “good” time, but it points out that even security people are vulnerable. And the depth of information required to be good across the board is deeper than an inch 😉

So, I’ll take notes on our actions and lessons learned and share them with you. I may wait a bit, document it, reflect on it, and then package it up to share. In the meantime, I have learned that nobody is perfect and now it’s time to learn some new aspects of server hardening.



  1. Since the forums are down, I can’t post this story there. So here it is:
    Fyodor, the author of Nmap, has released the results of his 2006 network security tool survey. This list is full of tools that can assist in network auditing, defense and forensics. Although it is near the top of my personal list, nmap didn’t make the list because Fyodor excluded it. The list includes a short description, cross links leading to categories, intuitive icons to show what OS it runs on natively and icons for availability of source code, GUI, and CLI.
    You can find the list at http://SecTools.Org. From that link:
    “I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don’t know where to start”.
    Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones.”

