• trtrwtf (unregistered)

    This can't be the frist time that's happened.

  • Silver (unregistered) in reply to trtrwtf

    Maybe I am slow, but it seems like he was fired for exposing a gaping security hole. And then the retaliation from people who were annoyed their open server was cleaned out.

    So - he was fired after solving his first ticket and showing that everyone else was negligent?

    This just seems like a standard management WTF. But ALSO a former sysadmin WTF.

  • fritters (unregistered)

    I don't get it.

    So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?

  • pnieuwkamp (cs)

    What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).

  • A Monkey (unregistered)
    ...the CEO just hung there for a second...
  • Jon (unregistered)

    The RWTF was that he asked permission. Just do it.

  • frits (cs)
    The Article:
    What they did have was a veritable cornucopia of porn.

    I think the industry standard term is pornucopia.

  • Greg Brady (unregistered) in reply to fritters
    fritters:
    I don't get it.

    So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?

    It sounds more like Brian--who did not appreciate getting scolded for "hacking" the server--went home and showed the boss just how much damage he could do.

    The clues are there.

    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.

  • Sleepy (unregistered) in reply to pnieuwkamp
    pnieuwkamp:
    What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).
    It's not necessarily having just one server but the fact it hand an openly accessible, anonymous user, full access SFTP server on it that has access to everything.

    If that's not it, I need more coffee. Mmm.. coffee.

  • boog (cs)
    Most people here very UN-technical.
    You can say that again.
  • StupidTheKid (unregistered)

    The problem is that FTP server was open to the whole internet. What probably happened is that some random stranger decided to store porn there, but was smart enough not to be noticed at the time. It is a common approach to use unsecured computers over the web to store unsavory material, often illegal stuff too.

    The problem is, when that charming random stranger found that his data was missing, he remounted it to the FTP but apparently was not as careful the second time around, erasing the company's data. Probably through some bot which creates a mirror for some pornographic material, fully expecting to be deleted in the next 24 hours. I mean, who leaves an unsecured FTP over the web nowadays ?

  • Loren Pechtel (cs) in reply to StupidTheKid
    StupidTheKid:
    The problem is that FTP server was open to the whole internet. What probably happened is that some random stranger decided to store porn there, but was smart enough not to be noticed at the time. It is a common approach to use unsecured computers over the web to store unsavory material, often illegal stuff too.

    The problem is, when that charming random stranger found that his data was missing, he remounted it to the FTP but apparently was not as careful the second time around, erasing the company's data. Probably through some bot which creates a mirror for some pornographic material, fully expecting to be deleted in the next 24 hours. I mean, who leaves an unsecured FTP over the web nowadays ?

    I doubt that it was carelessness, but rather retaliation for wiping out the stuff he had stored there.

  • Craig (unregistered) in reply to Greg Brady
    Greg Brady:
    fritters:
    I don't get it.

    So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?

    It sounds more like Brian--who did not appreciate getting scolded for "hacking" the server--went home and showed the boss just how much damage he could do.

    The clues are there.

    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.

    I don't think Brian actually did it. The porn was put there by random people outside the company who already knew about the open server. Brian deleted their stuff, so that night they retaliated by wiping out the company's data and filling it back up with porn. So Brian is technically responsible, since he decided to delete the files BEFORE securing the server, but he didn't actually do the damage.

  • Valczir (unregistered) in reply to pnieuwkamp
    pnieuwkamp:
    What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).

    First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.

    Second, having everything running on a single server is what caused all of their data to get wiped because of a security flaw in the FTP server. If they had the FTP server running on another box, they wouldn't have lost their data.

    Running one thing on one server means if someone finds a way to exploit a security flaw in that one thing, all you lose is the one thing (FTP, in this case). Running two things on one server means that if someone finds a way to exploit a security flaw in either of those two things, you lose both of them.

    There's a balance between cost and security/stability/etc, but the answer is almost never "one server for everything".

  • boog (cs)

    This isn't so bad. So they lost some data; it's always a risk in IT, not just from "hacking" (as the CEO calls it), but from user error and hardware failures as well. Just restore from backup and learn from your mistakes.

    What he didn’t expect though was to see was that it was all running on a single server.
    Wait, all? Surely they store backups elsewhere, right? Right?
    Data backups? Gone.
    Guess not.
  • rodney (unregistered)

    The other wtf is that the backups were still mounted to the server, and not stored in a fireproof safe somewhere.

  • Tom Woolf (unregistered) in reply to StupidTheKid
    StupidTheKid:
    The problem is that FTP server was open to the whole internet. What probably happened is that some random stranger decided to store porn there, but was smart enough not to be noticed at the time. It is a common approach to use unsecured computers over the web to store unsavory material, often illegal stuff too.

    ... I mean, who leaves an unsecured FTP over the web nowadays ?

    This was a couple of years back, and corrections have been made to the process, but the company I work for had a good example of that. A developer added a server to our network, but it was a Friday afternoon so he did not complete his checklist. Nothing was available on the server except space. Over the weekend somebody discovered the open server and used it to store gigs of files for their buddies. Monday AM they were all gone, but the logs showed what happened, and also showed no attempts to hack anything else - they just used it for open storage.

  • by (unregistered) in reply to Valczir
    Valczir:
    pnieuwkamp:
    What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).

    First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.

    Second, having everything running on a single server is what caused all of their data to get wiped because of a security flaw in the FTP server. If they had the FTP server running on another box, they wouldn't have lost their data.

    Running one thing on one server means if someone finds a way to exploit a security flaw in that one thing, all you lose is the one thing (FTP, in this case). Running two things on one server means that if someone finds a way to exploit a security flaw in either of those two things, you lose both of them.

    There's a balance between cost and security/stability/etc, but the answer is almost never "one server for everything".

    Get a few more years of experience under your belt before making uneducated and incorrect extremist comments like that.

    It's OK to be a junior, everybody was there at one time in their careers...

  • clive (unregistered) in reply to Valczir
    Valczir:
    First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.

    Much as I agree with the sentiment here, that comment is pretty far out of touch with the real world. Ever worked in corporate IT? Ever found quite how many suppliers have never heard of anything but windows? It almost makes me cry sometimes, but then I just get on with it.

    (though my main servers are neither linux, BSD or anything by MS - somebody's forgotten about a large chunk of systems which large companies use)

  • Ozz (unregistered) in reply to Greg Brady
    Greg Brady:
    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.
    Trust me, it happens more often than you could ever imagine. Especially if system was originally set up by someone related to the boss...
  • Mike (unregistered)

    a few gigs of undecidedly “NSFW” material.

    You are literally slaughtering the English language.

  • mott555 (cs) in reply to Valczir
    Valczir:
    First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.

    U trollin?

  • Ouch! (unregistered) in reply to Mike
    Mike:
    a few gigs of undecidedly “NSFW” material.

    You are literally slaughtering the English language.

    I see what you did there...

  • Sean (unregistered) in reply to Greg Brady
    fritters:
    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.

    Not sure what's so hard to believe about that. The term "shooting the messenger" was not created by accident.

  • William (unregistered) in reply to Craig

    You can lock the directory down, even if you don't establish usernames/passwords. No user should have ever been able to change directories, much less anonymous.

  • Skilldrick (unregistered) in reply to Mike
    Comment held for moderation.
  • Mike (unregistered) in reply to Valczir

    Because there's never been a security exploit in any services running on any non-MS server OS. Never! Oh, and no one's ever misconfigured a non-MS server, either.

    How much experience do you have, exactly?

    "If they had the FTP server running on another box, they wouldn't have lost their data"

    HAHAHAHAHAHAHA... right, that's a guarantee that since they didn't know WTF they were doing on one server, having two would have suddenly been so much better.

  • trwtf (unregistered)

    ARGGHHH! I HATE unfinished stories! Given the timing, I would guess that Adam wiped the site to prove a point - but he surely wouldn't wipe it on the same day that he exposed the flaw. Either way, the IP of the attacker should have been logged so was it Adam, the CEO, or just some random attacker with great timing? The story just isn't complete without this detail.

  • fritters (unregistered) in reply to Craig
    Craig:
    I don't think Brian actually did it. The porn was put there by random people outside the company who already knew about the open server. Brian deleted their stuff, so that night they retaliated by wiping out the company's data and filling it back up with porn. So Brian is technically responsible, since he decided to delete the files BEFORE securing the server, but he didn't actually do the damage.

    It just seemed like the boss was involved in some way -- it otherwise seems strange to me that he'd react with essentially "oh, who cares!" when told that someone is using their unprotected company server to store porn.

  • Andrew (unregistered) in reply to by
    by:
    Valczir:
    pnieuwkamp:
    What's so bad about having just one server? Lots of companies have exactly that, just one server. Microsoft Small Business Server is specifically designed for it ;) (unless you take Premium version, then you get another Windows Server Standard and Microsoft SQL Server Standard for Small Business).

    First off, you're using a Microsoft Server OS as an example - when has Microsoft ever done anything right in terms of servers? We can argue linux vs Windows vs OS X all day as far as desktop OSes go, but when it comes to servers, you're looking at a choice between linux, BSD, or getting a new job.

    Second, having everything running on a single server is what caused all of their data to get wiped because of a security flaw in the FTP server. If they had the FTP server running on another box, they wouldn't have lost their data.

    Running one thing on one server means if someone finds a way to exploit a security flaw in that one thing, all you lose is the one thing (FTP, in this case). Running two things on one server means that if someone finds a way to exploit a security flaw in either of those two things, you lose both of them.

    There's a balance between cost and security/stability/etc, but the answer is almost never "one server for everything".

    Get a few more years of experience under your belt before making uneducated and incorrect extremist comments like that.

    It's OK to be a junior, everybody was there at one time in their careers...

    Sir, I find your comment conductive to the developing experience, encouraging growth and learning (as opposed to tearing into an exhaustive argument, which I've often witnessed).

    I salutue you!

  • frits (cs)

    I'd rather have a few giggities of the decidedly "NSFW" material.

    You know, to add to my pornucopia.

  • boog (unregistered)
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
  • hoodaticus (cs) in reply to trwtf
    trwtf:
    ARGGHHH! I HATE unfinished stories! Given the timing, I would guess that Adam wiped the site to prove a point - but he surely wouldn't wipe it on the same day that he exposed the flaw. Either way, the IP of the attacker should have been logged so was it Adam, the CEO, or just some random attacker with great timing? The story just isn't complete without this detail.
    This leaves us in the same "wtf happened?" position as the parties to the tale, so I like it.
  • Katy GaGa (unregistered) in reply to Craig
    Craig:
    Greg Brady:
    fritters:
    I don't get it.

    So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?

    It sounds more like Brian--who did not appreciate getting scolded for "hacking" the server--went home and showed the boss just how much damage he could do.

    The clues are there.

    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.

    I don't think Brian actually did it. The porn was put there by random people outside the company who already knew about the open server. Brian deleted their stuff, so that night they retaliated by wiping out the company's data and filling it back up with porn. So Brian is technically responsible, since he decided to delete the files BEFORE securing the server, but he didn't actually do the damage.

    Ok, I give up. Who's Brian?

  • Not a troll, no really (unregistered)

    Did I ever tell you about the time I got a worm on a Linux system? Well here we go:

    The distro was Debian, and I had installed FTP on it using aptitude. During installation, I was asked if I wanted to set up "anonymous access". "Why not?" I asked myself, as I was only sharing files between computers in the local network, and it was just a place to store files. Later, when I set up port-forwarding on my router, I forgot I had done this.

    Then one fine day, I was trying to use the Internets; and it was peculiarly slow. Normally, I would have blamed it on the ISP, but I noticed the light on the router my Linux PC was plugged into blinking like mad. I disconnected the ethernet cable and the page (on another machine) instantly completed loading. Logging into the Linux PC, I found a lot of data located in the ftp anonymous folder. Curious how this could happen, I reviewed the logs. I found a record of a script loading from a website which started executing, scanning addresses, and attempting to replicate itself. It had been successful. Doing some research on this virus, it turns out that it exploits security restrictions and was designed to infect Red Hat-powered web servers via anonymous ftp logins, replacing their web pages with advertisements for spam.

    I amended my ways, and that is the only time I've encountered a worm on Linux.

  • Not a troll, no really (unregistered) in reply to boog
    boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
    I'm pretty sure you'd be in the same situation whether or not you strangled him.

    Your not to bright, are you?

  • Best Buy Warranty (unregistered) in reply to Not a troll, no really
    frits:
    boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
    I'm pretty sure you'd be in the same situation whether or not you strangled him.

    Your not to bright, are you?

    Yeah, that joke's getting old.

  • by (unregistered) in reply to Not a troll, no really
    Not a troll:
    boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
    I'm pretty sure you'd be in the same situation whether or not you strangled him.

    Your not to bright, are you?

    frits? I hope so, because we already have two of them...

  • Mad Donna (unregistered) in reply to Katy GaGa

    [quote user="Katy GaGa]Ok, I give up. Who's Brian?[/quote] Son of Naughtius Maximus.

  • saepius (unregistered)

    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

  • Neil (unregistered)

    I was once asked to look at a hosted server which had a similar problem - it was running Windows 2000 and probably didn't have all of its patches which meant that it had acquired a rootkit which included an FTP backdoor that allowed the pirate to use it as a dumping ground for what appeared to be illegal videos and such like. But even they weren't so mean as to delete any of the actual data on the server.

  • barc0001 (unregistered) in reply to pnieuwkamp

    "What's so bad about having just one server?"

    Depends on the needs of the organization, but in most places you want multiple servers for compartmentalization if nothing else. If the FTP server is also the accounting server and someone manages to break in all of your account (and probably employee data) is in the wind and the impending identity theft of your employees will endear you to them. There's also the "single point of failure" aspect. If all of your company functions (accounting, sales CRM package, order system, etc) run off a single box and that box dies, nobody's doing anything until it's fixed. If the backups were viable.

  • frits (cs) in reply to Best Buy Warranty
    Best Buy Warranty:
    not frits:
    not boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
    I'm pretty sure you'd be in the same situation whether or not you strangled him.

    Your not to bright, are you?

    Yeah, that joke's getting old.

    Why don't you go tell someone who cares about your opinion? Like maybe your mommy and daddy...

  • Best Buy Warranty (unregistered) in reply to frits
    frits:
    Best Buy Warranty:
    not frits:
    not boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.
    I'm pretty sure you'd be in the same situation whether or not you strangled him.

    Your not to bright, are you?

    Yeah, that joke's getting old.

    Why don't you go tell someone who care's about your opinion? Like maybe your mommy and daddy...

    You can't fool me. They don't care about my opinion.

  • Freud (unregistered) in reply to Best Buy Warranty

    OK. Now we're getting somewhere. Why don't you tell me about your Mother...

  • by (unregistered) in reply to Neil
    Neil:
    I was once asked to look at a hosted server which had a similar problem - it was running Windows 2000 and probably didn't have all of its patches which meant that it had acquired a rootkit which included an FTP backdoor that allowed the pirate to use it as a dumping ground for what appeared to be illegal videos and such like. But even they weren't so mean as to delete any of the actual data on the server.

    My guess is it was some kid who got pissed that someone deleted their pornucopia of, well, porn. One thing is for sure, and that is their free off-site-storage will be gone forever, with potentially police chasing them down (assuming the attackers aren't from a third world country, or worse, Russia).

  • Best Buy Warranty (unregistered) in reply to Freud
    Freud:
    OK. Now we're getting somewhere. Why don't you tell me about your Mother...

    My mother? I think I could tell you more about your mother.

  • barc0001 (unregistered) in reply to saepius

    Most non-technical companies like that probably don't have a "senior" tech, instead someone's cousin set something up on a weekend last year or maybe one of the guys in back tinkers a bit but doesn't really know what they're doing. They hired him as a junior tech because they needed a dedicated tech person at last, and the "junior" part refers to the salary expectation, not the job description.

  • boog (cs) in reply to boog
    boog (defective copy):
    I'm pretty sure I would have strangled him before he got any further.
    So unnecessary. Where did you learn such violent behavior?
  • Maurits (cs)

    Agreed that Adam could have handled this better. Here's some best practices for dealing with an unsecured FTP site:

    1. Firewall off access to the machine on the FTP ports.
    2. Make sure you have all security patches installed.
    3. Scan for malware.
    4. Lock down the FTP site. It's perfectly OK to allow anonymous access read-only, perhaps to a "public" folder". Write access should require authentication.
    5. Delete all the inappropriate content.
    6. Now - and only now - reconfigure the firewall to allow access to the FTP site again.

Leave a comment on “Abusing the FTP”

Log In or post as a guest

Replying to comment #:

« Return to Article