Admin
This can't be the frist time that's happened.
Admin
Maybe I am slow, but it seems like he was fired for exposing a gaping security hole. And then the retaliation from people who were annoyed their open server was cleaned out.
So - he was fired after solving his first ticket and showing that everyone else was negligent?
This just seems like a standard management WTF. But ALSO a former sysadmin WTF.
Admin
I don't get it.
So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?
Admin
What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).
Admin
Admin
The RWTF was that he asked permission. Just do it.
Admin
I think the industry standard term is pornucopia.
Admin
The clues are there.
TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.
Admin
If that's not it, I need more coffee. Mmm.. coffee.
Admin
Admin
The problem is that the FTP server was open to the whole internet. What probably happened is that some random stranger decided to store porn there, but was smart enough not to be noticed at the time. It is a common approach to use unsecured computers over the web to store unsavory material, often illegal stuff too.
The problem is, when that charming random stranger found that his data was missing, he remounted it to the FTP but apparently was not as careful the second time around, erasing the company's data. Probably through some bot which creates a mirror for some pornographic material, fully expecting to be deleted in the next 24 hours. I mean, who leaves an unsecured FTP over the web nowadays?
Admin
I doubt that it was carelessness, but rather retaliation for wiping out the stuff he had stored there.
Admin
I don't think Brian actually did it. The porn was put there by random people outside the company who already knew about the open server. Brian deleted their stuff, so that night they retaliated by wiping out the company's data and filling it back up with porn. So Brian is technically responsible, since he decided to delete the files BEFORE securing the server, but he didn't actually do the damage.
Admin
First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.
Second, having everything running on a single server is what caused all of their data to get wiped because of a security flaw in the FTP server. If they had the FTP server running on another box, they wouldn't have lost their data.
Running one thing on one server means if someone finds a way to exploit a security flaw in that one thing, all you lose is the one thing (FTP, in this case). Running two things on one server means that if someone finds a way to exploit a security flaw in either of those two things, you lose both of them.
There's a balance between cost and security/stability/etc, but the answer is almost never "one server for everything".
Admin
This isn't so bad. So they lost some data; it's always a risk in IT, not just from "hacking" (as the CEO calls it), but from user error and hardware failures as well. Just restore from backup and learn from your mistakes.
Wait, all? Surely they store backups elsewhere, right? Right? Guess not.
Admin
The other wtf is that the backups were still mounted to the server, and not stored in a fireproof safe somewhere.
Admin
This was a couple of years back, and corrections have been made to the process, but the company I work for had a good example of that. A developer added a server to our network, but it was a Friday afternoon so he did not complete his checklist. Nothing was available on the server except space. Over the weekend somebody discovered the open server and used it to store gigs of files for their buddies. Monday AM they were all gone, but the logs showed what happened, and also showed no attempts to hack anything else - they just used it for open storage.
Admin
Get a few more years of experience under your belt before making uneducated and incorrect extremist comments like that.
It's OK to be a junior, everybody was there at one time in their careers...
Admin
Much as I agree with the sentiment here, that comment is pretty far out of touch with the real world. Ever worked in corporate IT? Ever found quite how many suppliers have never heard of anything but windows? It almost makes me cry sometimes, but then I just get on with it.
(though my main servers are neither Linux, BSD nor anything by MS - somebody's forgotten about a large chunk of systems which large companies use)
Admin
Admin
a few gigs of undecidedly “NSFW” material.
You are literally slaughtering the English language.
Admin
U trollin?
Admin
Admin
Not sure what's so hard to believe about that. The term "shooting the messenger" was not created by accident.
Admin
You can lock the directory down, even if you don't establish usernames/passwords. No user should have ever been able to change directories, much less anonymous.
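An added example, not part of any comment in this thread: a POSIX shell audit of a vsftpd configuration for the condition described above, anonymous users who are allowed to write. The directive names (anonymous_enable, write_enable, anon_upload_enable, anon_mkdir_write_enable, chroot_local_user) are real vsftpd options; the two sample config files the script writes are constructed for the demonstration, and treating an unset anonymous_enable as enabled follows the compiled-in default documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread): audit a vsftpd.conf for anonymous
# write access. Directive names are real vsftpd options; the sample files
# written below are constructed.

# conf_value FILE KEY: print the effective value of KEY (last uncommented
# assignment wins, upper-cased), or nothing if KEY is not set.
conf_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null \
        | tail -n 1 | cut -d= -f2- | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# audit_vsftpd_conf FILE: print one finding per line. Exit status 1 means
# anonymous users can write (the condition that turns a server into a
# public dumping ground); 0 means no blocking finding.
audit_vsftpd_conf() {
    f="$1"
    blocking=0
    findings=0
    anon=$(conf_value "$f" anonymous_enable)
    write=$(conf_value "$f" write_enable)
    anon_up=$(conf_value "$f" anon_upload_enable)
    anon_mkdir=$(conf_value "$f" anon_mkdir_write_enable)
    chroot=$(conf_value "$f" chroot_local_user)

    # The compiled-in default for anonymous_enable is YES (vsftpd.conf(5)),
    # so an unset directive must be treated as anonymous access enabled.
    if [ -z "$anon" ]; then
        anon=YES
    fi

    if [ "$anon" = YES ]; then
        # vsftpd only honours anon_upload_enable / anon_mkdir_write_enable
        # when write_enable is also YES.
        if [ "$write" = YES ] && { [ "$anon_up" = YES ] || [ "$anon_mkdir" = YES ]; }; then
            echo "CRITICAL: anonymous users can upload files or create directories"
            blocking=1
        else
            echo "WARN: anonymous access is enabled (read-only); confirm it is intended"
        fi
        findings=$((findings + 1))
    fi
    if [ "$chroot" != YES ]; then
        echo "WARN: chroot_local_user is not YES; local users can browse outside their home"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: no findings"
    fi
    return "$blocking"
}

# write_sample_configs DIR: write a constructed weak config and a constructed
# hardened one into DIR (weak.conf, hardened.conf).
write_sample_configs() {
    printf '%s\n' \
        '# weak: anonymous write access, no chroot' \
        'listen=YES' \
        'anonymous_enable=YES' \
        'write_enable=YES' \
        'anon_upload_enable=YES' \
        'anon_mkdir_write_enable=YES' \
        > "$1/weak.conf"
    printf '%s\n' \
        '# hardened: authenticated users only, confined to their home' \
        'listen=YES' \
        'anonymous_enable=NO' \
        'local_enable=YES' \
        'write_enable=YES' \
        'chroot_local_user=YES' \
        > "$1/hardened.conf"
}

# With a file argument, audit it; with none, run the constructed demo.
if [ -n "${1:-}" ]; then
    audit_vsftpd_conf "$1"
else
    demo_dir=$(mktemp -d)
    write_sample_configs "$demo_dir"
    for name in weak hardened; do
        echo "== $name.conf"
        audit_vsftpd_conf "$demo_dir/$name.conf" || echo "(blocking: do not deploy)"
    done
    rm -rf "$demo_dir"
fi
```

Run it against a real file with `sh audit.sh /etc/vsftpd.conf`; a non-zero exit status marks a configuration that should not go live, which makes it usable as one step of the kind of checklist an earlier commenter mentions a developer skipping on a Friday afternoon.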
Admin
Naw, he was talking about undecidability - you give all that material to an algorithm and ask it if it's NSFW - it's undecidable. Very clever Mark!
In case you didn't know, I'm being sarcastic.
Admin
Because there's never been a security exploit in any services running on any non-MS server OS. Never! Oh, and no one's ever misconfigured a non-MS server, either.
How much experience do you have, exactly?
"If they had the FTP server running on another box, they wouldn't have lost their data"
HAHAHAHAHAHAHA... right, that's a guarantee that since they didn't know WTF they were doing on one server, having two would have suddenly been so much better.
Admin
ARGGHHH! I HATE unfinished stories! Given the timing, I would guess that Adam wiped the site to prove a point - but he surely wouldn't wipe it on the same day that he exposed the flaw. Either way, the IP of the attacker should have been logged so was it Adam, the CEO, or just some random attacker with great timing? The story just isn't complete without this detail.
Admin
It just seemed like the boss was involved in some way -- it otherwise seems strange to me that he'd react with essentially "oh, who cares!" when told that someone is using their unprotected company server to store porn.
Admin
Sir, I find your comment conducive to the developing experience, encouraging growth and learning (as opposed to tearing into an exhaustive argument, which I've often witnessed).
I salute you!
Admin
I'd rather have a few giggities of the decidedly "NSFW" material.
You know, to add to my pornucopia.
Admin
Admin
Admin
Admin
Did I ever tell you about the time I got a worm on a Linux system? Well here we go:
The distro was Debian, and I had installed FTP on it using aptitude. During installation, I was asked if I wanted to set up "anonymous access". "Why not?" I asked myself, as I was only sharing files between computers in the local network, and it was just a place to store files. Later, when I set up port-forwarding on my router, I forgot I had done this.
Then one fine day, I was trying to use the Internets; and it was peculiarly slow. Normally, I would have blamed it on the ISP, but I noticed the light on the router my Linux PC was plugged into blinking like mad. I disconnected the ethernet cable and the page (on another machine) instantly completed loading. Logging into the Linux PC, I found a lot of data located in the ftp anonymous folder. Curious how this could happen, I reviewed the logs. I found a record of a script loading from a website which started executing, scanning addresses, and attempting to replicate itself. It had been successful. Doing some research on this virus, it turns out that it exploits security restrictions and was designed to infect Red Hat-powered web servers via anonymous ftp logins, replacing their web pages with advertisements for spam.
I amended my ways, and that is the only time I've encountered a worm on Linux.
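The log review this commenter describes (and the one in the earlier post about a weekend storage dump), as an added example that comes from neither poster: an awk-based report, wrapped in POSIX shell, over vsftpd-style transfer log lines that flags anonymous clients who uploaded at least a threshold of bytes in total or created any directory. The log lines are constructed in the vsftpd.log format using documentation address ranges; the default threshold and the ALERT wording are this example's own choices, not anything vsftpd emits.

```shell
#!/bin/sh
# Added example (not from the thread): report anonymous FTP clients that
# look like they are using the server as a dumping ground, from vsftpd-style
# log lines. The sample log written below is constructed.

# ftp_drop_report LOGFILE [THRESHOLD_BYTES]: print one ALERT line per
# anonymous client that uploaded at least THRESHOLD_BYTES in total or
# created any directory. Default threshold is 100 MiB.
ftp_drop_report() {
    awk -v threshold="${2:-104857600}" '
    # client(line): the address inside Client "..." on a vsftpd log line.
    function client(line) {
        if (match(line, /Client "[^"]+"/))
            return substr(line, RSTART + 8, RLENGTH - 9)
        return ""
    }
    # Anonymous logins are logged with an "anon password" field.
    /OK LOGIN:/ && /anon password/ { anon[client($0)] = 1 }
    /OK UPLOAD:/ {
        c = client($0)
        uploads[c]++
        if (match($0, /, [0-9]+ bytes/))
            bytes[c] += substr($0, RSTART + 2, RLENGTH - 8)
    }
    /OK MKDIR:/ { mkdirs[client($0)]++ }
    END {
        for (c in uploads)
            if (anon[c] && (bytes[c] >= threshold || mkdirs[c] > 0))
                printf "ALERT %s anonymous: %d bytes in %d uploads, %d mkdirs\n",
                       c, bytes[c], uploads[c], mkdirs[c]
    }' "$1"
}

# write_sample_log FILE: constructed vsftpd.log-style lines using
# documentation address ranges (203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24).
write_sample_log() {
    cat > "$1" <<'EOF'
Sat Sep 15 02:11:03 2012 [pid 1] [ftp] OK LOGIN: Client "203.0.113.7", anon password "mozilla@example.com"
Sat Sep 15 02:11:09 2012 [pid 2] [ftp] OK MKDIR: Client "203.0.113.7", "/pub/incoming/new"
Sat Sep 15 02:11:31 2012 [pid 2] [ftp] OK UPLOAD: Client "203.0.113.7", "/pub/incoming/new/part01.rar", 104857600 bytes, 4096.00Kbyte/sec
Sat Sep 15 02:12:02 2012 [pid 2] [ftp] OK UPLOAD: Client "203.0.113.7", "/pub/incoming/new/part02.rar", 104857600 bytes, 4096.00Kbyte/sec
Sat Sep 15 08:30:12 2012 [pid 3] [ftp] OK LOGIN: Client "198.51.100.4", anon password "guest"
Sat Sep 15 08:30:20 2012 [pid 4] [ftp] OK UPLOAD: Client "198.51.100.4", "/pub/incoming/readme.txt", 2048 bytes, 20.00Kbyte/sec
Sat Sep 15 09:00:01 2012 [pid 5] [bob] OK LOGIN: Client "192.0.2.10"
Sat Sep 15 09:00:15 2012 [pid 6] [bob] OK UPLOAD: Client "192.0.2.10", "/home/bob/quarterly.xls", 52428800 bytes, 2048.00Kbyte/sec
EOF
}

# With a log file argument, report on it; with none, run the constructed demo.
if [ -n "${1:-}" ]; then
    ftp_drop_report "$1" "${2:-}"
else
    demo_dir=$(mktemp -d)
    write_sample_log "$demo_dir/vsftpd.log"
    ftp_drop_report "$demo_dir/vsftpd.log"
    rm -rf "$demo_dir"
fi
```

On the constructed log only 203.0.113.7 is reported: it logged in anonymously, created a directory and pushed 200 MiB. The small anonymous upload from 198.51.100.4 stays under the threshold, and bob's authenticated upload is not anonymous, so neither produces noise. Run it on a live file with `sh report.sh /var/log/vsftpd.log 52428800` to lower the threshold to 50 MiB.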
Admin
Your not to bright, are you?
Admin
Admin
frits? I hope so, because we already have two of them...
Admin
Katy GaGa wrote: "Ok, I give up. Who's Brian?"
Son of Naughtius Maximus.
Admin
I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who disassembled the server overnight?
Something does not compute.
Admin
I was once asked to look at a hosted server which had a similar problem - it was running Windows 2000 and probably didn't have all of its patches which meant that it had acquired a rootkit which included an FTP backdoor that allowed the pirate to use it as a dumping ground for what appeared to be illegal videos and such like. But even they weren't so mean as to delete any of the actual data on the server.
Admin
"What's so bad about having just one server?"
Depends on the needs of the organization, but in most places you want multiple servers for compartmentalization if nothing else. If the FTP server is also the accounting server and someone manages to break in, all of your account data (and probably employee data) is in the wind, and the impending identity theft of your employees will endear you to them. There's also the "single point of failure" aspect. If all of your company functions (accounting, sales CRM package, order system, etc.) run off a single box and that box dies, nobody's doing anything until it's fixed. That is, if the backups were viable.
Admin
Why don't you go tell someone who cares about your opinion? Like maybe your mommy and daddy...
Admin
You can't fool me. They don't care about my opinion.
Admin
OK. Now we're getting somewhere. Why don't you tell me about your Mother...
Admin
My guess is it was some kid who got pissed that someone deleted their pornucopia of, well, porn. One thing is for sure, and that is their free off-site-storage will be gone forever, with potentially police chasing them down (assuming the attackers aren't from a third world country, or worse, Russia).
Admin
My mother? I think I could tell you more about your mother.
Admin
Most non-technical companies like that probably don't have a "senior" tech, instead someone's cousin set something up on a weekend last year or maybe one of the guys in back tinkers a bit but doesn't really know what they're doing. They hired him as a junior tech because they needed a dedicated tech person at last, and the "junior" part refers to the salary expectation, not the job description.
Admin
Admin
Agreed that Adam could have handled this better. Here are some best practices for dealing with an unsecured FTP site: