Re: Hackers left open door to my server..

From: Jayson Broughton (jbroughtonat_private)
Date: Tue Jan 25 2000 - 10:30:37 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    James,
    One place to report this is to CyberSnitch. This is an online,
    high-tech Computer crime unit that is manned by fellow Officers of
    the law.
    http://www.cybersnitch.net
    Click on the Report a Crime bar, and follow the instructions.  Also,
    you can do a whois on their IP address, and grab the Administrative
    contact for their ISP (or go to their ISP from the whois and see if
    there is a place to contact on their website).  Provide date and
    time stamps in your time zone (tell them what your time zone is, of
    course) along with all logs you can dig up.  This should at least
    disconnect them, or allow you to press charges if they find the
    right guy (unless they ran through a proxy, socks or wingate to do
    the damage).  In that case, the administrator for the
    socks-proxy-wingate should be able to look through logs and direct
    you to another IP addy that was using the proxy-socks-wingate at
    that time...
    
    Good luck to you,
    ~Jayson Broughton
    HQ-All Bases Covered
    Network & Security Admin
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
    
    iQA/AwUBOI3ry6e75Wq9veF/EQLgBgCdE0/4KDFD/J34dW0aYVLWed45oxcAoPra
    gnJLeKPmsFV6z9420Y2KjZYe
    =RZgI
    -----END PGP SIGNATURE-----
    
    
    James Hepworth wrote:
    
    > Someone tried to get into one of our boxes here and left a door (rcp) to one
    > of their hacked servers.  They also left quite a few files on the server,
    > large list of servers, IP addresses, usernames and root passwords + their
    > toolbox of toy scripts. Our system did not let them delete these files, but
    > they thought they had.  I also have the console log with them chatting to
    > each other & the commands they issued.
    >
    > Is there any one place to report this type of violation or should I just
    > clam up and clean up the box?  The connection (rcp) is still up (not for
    > long I suspect tho), I would like to catch these buggers.....
    >
    > Thanks
    > JAMES
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:09 PDT