Hacked

[whytheheckme]

Are youtalking about punahourobotics.org (69.89.25.188)?

I see that you are using bluehost as your web hosting company. They kindly kept your personal info safe from the WHOIS database, but unfortunatley left a slew of information about themselves instead of paying to have it show up as anonymous.

It looks like they have ports 23 and 53 buttoned up well, which is good for you.

Ports 80 and 21 are open, which are expected (perhaps you can request secure FTP instead?). I also see 110 open, which is pop3 (do you have an email server?)

I also ran a custom scan on 3389, which is closed (another big relief).

You really need to talk to bluehost and find out exactly how the intruder got in (which port, service, and hacking method.) You are running off a server called box188 on their system. Ask them to send you a report on all secure traffic on this box.

If the problem persists, change hosting companies. There is obviously a problem with the security of their hosting.

Jacob

[EHaskins]

Quote:

Originally Posted by whytheheckme

I also ran a custom scan on 3389, which is closed (another big relief).

Is there anyone hosting anything who is stupid enough to leave RDP exposed?!?!

[Uberbots]

Has this been a consistent problem with blue host? If so, we might have to think about changing web hosts...

[whytheheckme]

Quote:

Originally Posted by EHaskins

Is there anyone hosting anything who is stupid enough to leave RDP exposed?!?!

ummmmmmmmmmmmmmmmmm

In my early days of webhosting, I left my RDP open so I could access my webserver from anywhere (hey! give me a break... I was 8...)

Now-a-days, I actually DO have RDP open on my domain (which is run out of my datacenter), but my gateway (that I built, its a P4 w/ 2.5 GB RAM fyi) forwards the RDP port to a specific Terminal Server, that is set up soley for that purpose. Once logged into the Terminal Server, you can access a secure area of my network (using encryption) which allows you to Remote Desktop any of the servers on my network (I run 7 servers 24/7 on my domain).

So in short, I guess the answer is ME!!!

But I think I have the security measures to compensate. My domain has been running over 2 years without a problem (not referring to uhsserobotics.com, I'm referring to my personal domain that I use for remote services... FYI uhsserobotics.com is run from a seperate couple of servers in my datacenter).

Jacob

[EHaskins]

Quote:

Originally Posted by whytheheckme

So in short, I guess the answer is ME!!!

Ok, I should have said who would be stupid enough to do that without some insane amount of security.

EDIT: Just curious, what the power consumption of a setup like that? And whats it take to keep them cool?

EDIT: Your gateway is a P4 with 2.5gb of ram?!?! My server is only a p4 with 1gb!

[Uberbots]

Quote:

Originally Posted by whytheheckme

ummmmmmmmmmmmmmmmmm

In my early days of webhosting, I left my RDP open so I could access my webserver from anywhere (hey! give me a break... I was 8...)

Now-a-days, I actually DO have RDP open on my domain (which is run out of my datacenter), but my gateway (that I built, its a P4 w/ 2.5 GB RAM fyi) forwards the RDP port to a specific Terminal Server, that is set up soley for that purpose. Once logged into the Terminal Server, you can access a secure area of my network (using encryption) which allows you to Remote Desktop any of the servers on my network (I run 7 servers 24/7 on my domain).

So in short, I guess the answer is ME!!!

But I think I have the security measures to compensate. My domain has been running over 2 years without a problem (not referring to uhsserobotics.com, I'm referring to my personal domain that I use for remote services... FYI uhsserobotics.com is run from a seperate couple of servers in my datacenter).

Jacob

I envy your amount of servers, enthusiasm, and money.
I wish i had the resources to run such a system.

[whytheheckme]

Quote:

Originally Posted by Uberbots

I envy your amount of servers, enthusiasm, and money.
I wish i had the resources to run such a system.

I LOOOOOVEEEE servers. For the most part, my servers are retired gaming computers from myself and my friends (1ghz and above). I have a few powerhouse servers (such as my multimedia servers) that I built from NewEgg specials and black friday deals etc.

But all in all, my entire setup hasn't actually cost me that much. Except for the additional $125 a month on the electric bill (oops). But I have a job, plus I rent out server space to my friends for backups and immediate access to their files and such, so it isn't a huge deal. I just find it superconvienent to open my laptop on the road, hit the BT-DUN connect button (Verizon EVDO with hacked BT-DUN on my Q... I LOVE IT), hit WinLogo-R, type mstsc, put in my domain, hit the enter button, and BAM.... I'm right at home. I can access my email, leave my instant messengers open 24/7, control music at home, check security (both physical in the house and web security), check on some of the hosting servers I have for friends (I actually host a couple of MUDs for a few MUD fanatic friends of mine). If I'm on a high speed connection somewhere, I can remote desktop into my terminal server and secure remote desktop to one of my main rigs and feel right at home. I can watch movies, play music, organize pictures, post on chief delphi, or whatever! I also have a VPN set up so that I can locally mount disk images on any computer and play video games on any computer (public kiosks, lab computers, etc).

I have a love for servers. I'm always looking to expand my domain (no pun intended )

Jacob

EDIT: BTW, this is completly off topic.

[EHaskins]

Quote:

Originally Posted by whytheheckme

FYI uhsserobotics.com is run from a seperate couple of servers in my datacenter).

Jacob

Have you noticed a decrease in traffic lately? I get a GoDaddy parked free page if I try to view it.

[whytheheckme]

Quote:

Originally Posted by EHaskins

Have you noticed a decrease in traffic lately? I get a GoDaddy parked free page if I try to view it.

Yeah, I know

Waiting for payment on the domain name to clear..... For some reason I thought it would be good to send the bill to the team as opposed to me (it's only 10 bux a year... I should have just done it)

Now I have to wait for the bill to go through the team's process for paying for it (which, I hope to god it doesn't require a purchase order or some other beurocratic thing like that.... ) I was told it should be cleared by friday *crosses fingers*

But the servers are up and running exactly like they should be!

Jacob

[Tristan Lall]

Quote:

Originally Posted by whytheheckme

Now-a-days, I actually DO have RDP open on my domain (which is run out of my datacenter), but my gateway (that I built, its a P4 w/ 2.5 GB RAM fyi) forwards the RDP port to a specific Terminal Server, that is set up soley for that purpose. Once logged into the Terminal Server, you can access a secure area of my network (using encryption) which allows you to Remote Desktop any of the servers on my network (I run 7 servers 24/7 on my domain).

To stray a little from the topic at hand, I'm curious about that setup—mainly because I've always got it in the back of my head to try something similar. As I read your description it looks like your topology is like this:

Remote Computer (RC) ==RC's RDP=> Gateway ==Forwarded RC's RDP=> Terminal Server (TS) ==TS's RDP inside forwarded RC's RDP=> Specific Server

Doesn't that mean you're creating a second RDP session from within your terminal services client? Does that work well? (I've run RealVNC from within MSTSC, and it's terrible, but that should come as no surprise because MSTSC isn't VNC-aware. I don't recall what happens when you nest MSTSC, though.) Isn't it more usual (in the corporate world) to encapsulate the whole thing in a VPN over a different port, and have the gateway forward that directly to the required (specific) server?

Basically, it would be interesting to compare those methods...though in real life, I may have the rather more pressing problem of what to do when my cable or DSL provider decides to dynamically allocate a new IP, making me lose track of where my network exists at any given time.

[EHaskins]

Quote:

Originally Posted by Tristan Lall

I may have the rather more pressing problem of what to do when my cable or DSL provider decides to dynamically allocate a new IP, making me lose track of where my network exists at any given time.

Check out dyndns.com's dynamic DNS service. Its free, and I know that my Linksys router will automatically keep it up to date.

[whytheheckme]

Quote:

Originally Posted by Tristan Lall

To stray a little from the topic at hand, I'm curious about that setup—mainly because I've always got it in the back of my head to try something similar. As I read your description it looks like your topology is like this:

Remote Computer (RC) ==RC's RDP=> Gateway ==Forwarded RC's RDP=> Terminal Server (TS) ==TS's RDP inside forwarded RC's RDP=> Specific Server

Doesn't that mean you're creating a second RDP session from within your terminal services client? Does that work well? (I've run RealVNC from within MSTSC, and it's terrible, but that should come as no surprise because MSTSC isn't VNC-aware. I don't recall what happens when you nest MSTSC, though.) Isn't it more usual (in the corporate world) to encapsulate the whole thing in a VPN over a different port, and have the gateway forward that directly to the required (specific) server?

Basically, it would be interesting to compare those methods...though in real life, I may have the rather more pressing problem of what to do when my cable or DSL provider decides to dynamically allocate a new IP, making me lose track of where my network exists at any given time.

MSTSC works WONDERFULLY cascaded.... I regularly run 3 or 4 remote desktop windows inside of each other... Image this:

Remote Computer => The Internet (as low as 115kbps via cell phone up to say 30 or 40 megabit on a good cable connection or on campus) => my gateway => gigabit LAN => specific server => gigabit LAN => somewhere else on the network => gigabit LAN => somewhere else

and so on and so forth. The big speed problem is in your internet connection, but once inside the LAN, RDC windows running inside of each other is absolutley no problem. I believe that the client is actually designed to do this (as it does it so seamlessly.)

And regarding your 'dynamic IP'...

Most cable providers give dynamic IPs based on MAC address, so as long as you are connecting to the cable network with the same modem, you will have the same IP.... always.

DSL on the other hand
gives you a new IP dynamically every time you reboot the connecting modem. How wonderful.

Eric is TOTALLY on the ball as far as dyndns's service. It wonderful, as I used to use it before my cable provider started handing out 'static' IPs (yeah, I know, its not truely static, but its really really close.) You can use a bit of software to continuously report to dyndns your IP address. Awesome awesome stuff.

Jacob

[Tristan Lall]

And interestingly enough, DynDNS appears to be a FIRST team sponsor (for FRC501). I'll look into them....

[Scott L.]

DDNS:
http://www.EditDNS.net is another good dynamic DNS, it works with domains like abc.xyz
Where abc is the Second level domain and xyz is the top level domain.
Its free to use and alows control over the A, AAA, MX, NS, SRV, CNAME
More advanced features cost $6 for 6 months access to setup, but once set you don't need to pay after the 6 months unless you need to change a more advanced feature. I use the free service with my self hosted web sites and it works great.

Hosting:
The company I work with uses host rocket to host theirs and their customers sites on.
http://www.hostrocket.com/
They have 24/7 tech support (Actually called at 2am on Saturday)

Misc:
I haven't had much php or mySQL experience yet (I use SQL express and ASP.net 2.0), but would recomend making sure everything is up to date, and recheck all settings for any possible security holes.

I have two dual Xeon 2.6GHz HT (Device manager shows 4 CPUs) servers each with 1GB of Ram, striping Raid on Data Drives (SCSI LVD), 250GB SAN Storage for backups, VPN/Firewall router between servers and Internet
I used one of these servers to host the live web cast of PARC X.

[Tristan Lall]

Just to prove that Jacob's suggestion works, I'm making this post on my university's Windows Server 2003 terminal server, connected over Remote Desktop to a Windows XP virtual machine, which is itself connected over Remote Desktop to a Windows 98 virtual machine. Both VMs are running locally on Windows Vista (no, I didn't nest those too). It all seems to work pretty well (if you can tolerate 8-bit colour).