So this afternoon I was bemoaning the fact I had to do notes programming, and would rather be doing sysadmin.

Well one of my servers must have heard me, because it decided to get hacked. We're pretty certain it was from a vulnerability in the Backup Exec remote client. A patch had been released fairly recently, but we hadn't installed it yet (I mean who patches Backup Exec within two weeks of patches being released??). I noticed a couple of weird processes running - door.exe and door1.exe. And a bunch of other crap as well. I noted the time of the intrusion, and we caught it within about half an hour. Stopped all the Backup Exec services on all the other machines until they could be patched, and so far so good.

But my poor little server was full of extra services, dodgy files and who knows what else, so we decided to go back to an earlier version of the system (fortunately recorded just a couple of hours before the intrusion). Ghosting the system back to a clean one to begin with was a disaster. For reasons unknown it just chugged through loading the image. So I gave up on that and just reinstalled Windows clean, and then restored the backup over the top. Followed by upgrading to Service Pack 1, and Windows Update, and a ghost image of the final product for good measure.

Then of course came the fun of making sure everything else was patched, that backups were going to work, system account passwords were changed, etc.

Then I get home and the mail server has spacked as well and needed to be rebooted.


First time I've ever had a compromised machine in a seven year career. Not pleasant.


delmer said:

Sorry about your IT problems.

This is not work related, but -- I just spent hours and hours trying to remove spyware from a coworker's daughter's PC. Spybot found a lot. I took a lot out of the registry myself. I tracked down some files that kept recreating themselves though I couldn't find out what triggered them.

I installed an AV product at some point which seemed to hose the Internet connection.

Etc. etc. etc.

I really didn't want to reinstall the OS -- I wasn't sure how successful I'd be finding the drivers I needed.

I finally deleted all the .dll files and .exe files in the Windows and System folder. There were a few problems finding NIC drivers but everything else went well enough after reinstalling Windows.

I have got to quit saying things like, "Bring it in and I'll take a look at it," when people mention the PC problems of their children.

June 29, 2005 1:19 AM


Phillbo said:

Seven years is not a bad record at all. I wouldn't be too upset by this one incident :) - at least you can benchmark yourself if you ever felt the need to.

I've definitely seen worse, that is for certain, and I've been unfortunate enough to be the designated "cleaner" of such annoyances :P

June 29, 2005 1:40 AM


Dave2 said:

I was starting to feel sorry for you, but then I got to the part where you were installing Windows and suddenly couldn't muster the sympathy.

I am such a Mac whore! :-)

Feel better. :-)

June 29, 2005 6:31 AM


