My Dream

Discussion in 'HTML' started by Neal, Dec 7, 2004.

  1. Neal

    Neal Guest

    Yes, this is on topic. (And crossposted to both alt.html and
    alt.www.webmaster for a greater field of response.)

    I had a dream last night that I was working on a webpage when all of a
    sudden I was noticing things in the source I hadn't added. Someone had
    access somehow. As I corrected things, I found new things suddenly changed
    - someone was in there at that moment!

    I thought, what to do now? I started going to my host's page to login and
    change my password, but was thinking if the hacker was logged in, maybe it
    wouldn't immediately boot them. Well, that's when I woke up, and
    thankfully it was all a dream. But it made me think - I really don't know
    for sure all I'd need to do in such a situation.

    Now, how would you handle this scenario in real life? What's the best
    approach to follow?

    What will my host need from me to track down these hackers? And would
    changing the password to something random effectively stop an active
    hacker?
    Neal, Dec 7, 2004
    #1

  2. Neal

    SpaceGirl Guest

    Neal wrote:
    > Yes, this is on topic. (And crossposted to both alt.html and
    > alt.www.webmaster for a greater field of response.)
    >
    > I had a dream last night that I was working on a webpage when all of a
    > sudden I was noticing things in the source I hadn't added. Someone had
    > access somehow. As I corrected things, I found new things suddenly
    > changed - someone was in there at that moment!
    >
    > I thought, what to do now? I started going to my host's page to login
    > and change my password, but was thinking if the hacker was logged in,
    > maybe it wouldn't immediately boot them. Well, that's when I woke up,
    > and thankfully it was all a dream. But it made me think - I really don't
    > know for sure all I'd need to do in such a situation.
    >
    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?
    >
    > What will my host need from me to track down these hackers? And would
    > changing the password to something random effectively stop an active
    > hacker?


    I'd unplug my machine immediately from our network, scoot over to my
    linux laptop, telnet to my server and change the passwords.

    --


    x theSpaceGirl (miranda)

    # lead designer @ http://www.dhnewmedia.com #
    # remove NO SPAM to email, or use form on website #
    SpaceGirl, Dec 7, 2004
    #2

  3. Neal

    Neal Guest

    SpaceGirl:
    > (regarding handling a hacker)
    > I'd unplug my machine immediately from our network


    Right, if one had access to the machine that would be the first thing to
    do. But for those who use a host, that might not be possible in a timely
    fashion. You'd have to wait till someone was on hand and available to do
    that...
    Neal, Dec 7, 2004
    #3
  4. Neal

    SpaceGirl Guest

    Neal wrote:
    > SpaceGirl:
    >
    >> (regarding handling a hacker)
    >> I'd unplug my machine immediately from our network

    >
    >
    > Right, if one had access to the machine that would be the first thing to
    > do. But for those who use a host, that might not be possible in a timely
    > fashion. You'd have to wait till someone was on hand and available to do
    > that...


    So if my HOST was compromised? Not sure what I'd do then. Call my lawyer? :)

    I can access my sites from anywhere (for admin), so if my own network
    was totally compromised, I'd stop off at EasyEverything (a cybercafe for
    those who don't know) and remote from there, change the passwords again.

    I also have a shut-down "switch" on a couple of my sites. I can sign
    into the site from any Internet connection and disable the site just by
    passing a switch to a page... but of course if someone has access to the
    files they could easily get around that.

    But to be honest... I just try to be vigilant, protect myself and my
    clients in any way I can, and really hope nothing bad happens!


    --


    x theSpaceGirl (miranda)

    # lead designer @ http://www.dhnewmedia.com #
    # remove NO SPAM to email, or use form on website #
    SpaceGirl, Dec 7, 2004
    #4
  5. Once upon a time, far far away, the king summoned Neal
    <> who replied:

    >Now, how would you handle this scenario in real life? What's the best
    >approach to follow?


    How likely is it that anyone is going to care enough to hack one of
    the millions of micro-web sites?

    The hackers I have known all went for more exciting fish, newspapers
    would be a good target, or a news service like the BBC, can you
    imagine the hoot if a fake (hacked) news story appeared in the Wall
    Street Journal online edition? or The Times ???

    Matt

    --
    If your encyclopaedia doesn't list "widget glass", you're reading the wrong encyclopaedia.
    The Probert Encyclopaedia. Its not the same.
    http://www.probertencyclopaedia.com
    http://www.probertencyclopaedia.com, Dec 7, 2004
    #5
  6. Neal

    DoobieDo Guest

    In article <>,
    says...
    > Yes, this is on topic. (And crossposted to both alt.html and
    > alt.www.webmaster for a greater field of response.)
    >
    > I had a dream last night that I was working on a webpage


    you've been eating too much cheese before bedtime again ;p
    DoobieDo, Dec 7, 2004
    #6
  7. Neal

    SpaceGirl Guest

    http://www.probertencyclopaedia.com wrote:

    >>Now, how would you handle this scenario in real life? What's the best
    >>approach to follow?

    >
    >
    > How likely is it that anyone is going to care enough to hack one of
    > the millions of micro-web sites?
    >
    > The hackers I have known all went for more exciting fish, newspapers
    > would be a good target, or a news service like the BBC, can you
    > imagine the hoot if a fake (hacked) news story appeared in the Wall
    > Street Journal online edition? or The Times ???
    >
    > Matt



    or how about the ticker tapes on 24 hour news? They're all flash movies
    run from customer software... it's all served from SOMEWHERE...

    --


    x theSpaceGirl (miranda)

    # lead designer @ http://www.dhnewmedia.com #
    # remove NO SPAM to email, or use form on website #
    SpaceGirl, Dec 7, 2004
    #7
  8. Neal

    SpaceGirl Guest

    SpaceGirl, Dec 7, 2004
    #8
  9. Neal

    Karl Core Guest

    "Neal" <> wrote in message
    news:o...
    > Yes, this is on topic. (And crossposted to both alt.html and
    > alt.www.webmaster for a greater field of response.)
    >
    > I had a dream last night that I was working on a webpage when all of a
    > sudden I was noticing things in the source I hadn't added. Someone had
    > access somehow. As I corrected things, I found new things suddenly
    > changed - someone was in there at that moment!
    >
    > I thought, what to do now? I started going to my host's page to login and
    > change my password, but was thinking if the hacker was logged in, maybe it
    > wouldn't immediately boot them. Well, that's when I woke up, and
    > thankfully it was all a dream. But it made me think - I really don't know
    > for sure all I'd need to do in such a situation.
    >
    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?
    >
    > What will my host need from me to track down these hackers? And would
    > changing the password to something random effectively stop an active
    > hacker?


    For my personal site, I'd leave it alone and wait until t3h haX0r got bored
    and moved on to more interesting exploits.
    For my work stuff, I'd scream like a little girl, call my company's
    uber-g33k, Mike, and have him squash t3h pUnk like a bug.


    --
    -Karl Core
    Please Support "Project Boneyard":
    http://www.insurgence.net/info.aspx?action=band&item=boneyard
    Karl Core, Dec 7, 2004
    #9
  10. Neal

    GreyWyvern Guest

    On Tue, 7 Dec 2004 12:14:05 -0500, Karl Core <>
    wrote:

    [snip]

    And just *where* have *you* been, mister!?! Do you have any idea what
    time it is??????

    Grey
    GreyWyvern, Dec 7, 2004
    #10
  11. Neal

    Augustus Guest

    "Neal" <> wrote in message
    news:o...
    >
    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?
    >
    > What will my host need from me to track down these hackers? And would
    > changing the password to something random effectively stop an active
    > hacker?


    Changing the password: this will most likely have no effect, since usually
    the password is just checked for once, when a person logs in... and not
    repeatedly checked while they are logged in.

    As far as how to handle it: this will depend on a lot of specifics to the
    person in question... what software they have available to handle a hacker,
    are they physically near the server, how the person is hacking the site,
    etc.

    Overall I wouldn't worry too much about it...
    - Unless your site is really big/popular/well known then it's not a high risk
    target for hackers (that doesn't mean it would never be hacked, but just
    that there probably isn't some kid in Taiwan at this moment trying to break
    through your security so he can put "Hi Mom" on your site).
    - If somebody hacked your site it's likely that they aren't going to go in
    there and change a bunch of text on different pages... they would just
    upload a new page or an image to your site and then move on.
    - If your site was hacked as above (the home page changed or something) then
    it's easier to just restore it from a backup, take a look at what security
    you have in place and how you might improve it, and then just move on.
    - If you don't have a backup of your site, or make periodic archives of your
    site/data then you should... because, if your site is hacked and you don't
    have a backup then the one that is really at fault here is you.
    Augustus, Dec 7, 2004
    #11
  12. On Tue, 07 Dec 2004 10:28:48 -0500, Neal wrote:

    > I had a dream last night that I was working on a webpage when all of a
    > sudden I was noticing things in the source I hadn't added. Someone had
    > access somehow. As I corrected things, I found new things suddenly changed
    > - someone was in there at that moment!


    I had a dream that I was stuck in some sort of weird prison and it was
    winter and cold and icy and I had been there a long time, like a
    count-of-monte-cristo-long time, and I was trying to break out but there
    was this ocean and waves and other people hindering me and this long
    bridge or catwalk thing I had to crawl over and at that point the cat and
    the pirate tried to knock me off the bridge thing but they got swept away
    by the tidal wave and somehow there was this crazy blender thing that was
    pureeing people if you fell into it and some other stuff that, believe it
    or not, was actually kinda strange.

    But I'm not too sure you really have anything to worry about as far as
    hacking is concerned. It was only a dream, after all.

    Could you sue your ISP if their negligence created a problem? I dunno...
    <http://www.google.com/search?q=sue+isp+hack&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official>

    Could you sue the hacker, presuming they are caught?
    etc...

    This is still a big fat gray area as far as law is concerned. Best bet,
    of course, is to keep local back ups of everything you do on a remotely
    hosted server of any kind. You *do* back everything up yourself, don't
    you??

    --
    Jeffrey D. Silverman |
    Website | http://www.newtnotes.com

    Drop "PANTS" to reply by email
    Jeffrey Silverman, Dec 7, 2004
    #12
  13. Neal

    Art Sackett Guest

    [F'ups trimmed because I don't read a.w.w. and my newsreader will
    puke on it...]

    In alt.html Neal <> wrote:

    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?


    I've actually seen a similar thing.

    A client of mine bought a server for co-lo, so we moved their sites to
    it from a web hosting provider who was once popular with the esteemed
    folks of this very newsgroup but who shall remain nameless. The former
    web host started out by port scanning the new box, but didn't find
    anything too exciting or exploitable, and went away. I had hoped that
    the port scan would be the end of it.

    Some weeks or months later one of my applications on the new server
    emailed me several times in a short time, which I took to indicate that
    the client was having trouble with something he was doing, so I logged
    in on the server and initiated a 'talk' session with him to see if he
    needed some help. He was pretty sure that he had it under control, knew
    what was wrong with the data he was trying to feed to the app, so I
    just hung around for a bit. He came up with a "what if I wanted to do
    this?" kind of question, to which I replied he'd have to have root
    access to accomplish it. Next thing we know, on both of our terminals,
    is the question:

    What is the root password?

    I KNEW that there was no way this particular guy was going to ask for
    it. He's rightfully afraid of being root, because he doesn't have a
    clue about administering a Linux machine. So, while I typed out, "You
    know I'm not going to give that to you" I picked up the phone and
    dialed the guy's home number. His first words were, "I didn't type
    that!"

    So, while we continued chatting via talk, I did all of the appropriate
    checks on the server while I talked him through the installation of
    Zone Alarm on the laptop he was using. We quickly discovered that his
    laptop had been compromised, and the unauthorized remote host belonged
    to that former web hosting provider.

    I have no use at all for that former web hosting provider, but I
    believe they're smart enough to prevent their own machines from being
    cracked. At that time, all of their machines were located on their
    premises, so physical access was restricted. I drew the simplest
    conclusion... it could be the wrong conclusion, but there have been
    other incidents involving other of my clients and different servers
    that tend to support it.

    > What will my host need from me to track down these hackers?


    Hopefully, just the time at which you observed evidence of a
    compromise. Most compromises are initiated by script kiddies who don't
    know quite enough about their targets to effectively cover their
    tracks, so there will be evidence of their activity left behind.

    A truly skillful cracker will leave no evidence whatsoever, and will
    have bounced through so many remote hosts that rooting him out would be
    nearly impossible. In a case like that, the system administrator has to
    just pull the ethernet cable and start doing forensics to discover the
    hole that let the cracker in.

    In the end, tracking them down is almost always a pointless exercise,
    anyway.

    > And would
    > changing the password to something random effectively stop an active
    > hacker?


    It depends upon how the cracker got in, and if he's logged in at the
    time. Just changing your password doesn't generally terminate any
    active sessions, so if he's logged in at the time when you change your
    password, he'll remain logged in. If your system administrator is
    involved, he can kill all of the processes running under your user name
    to boot the cracker, but that doesn't mean he won't be back.

    If your web hosting provider offers you FTP, POP3, a web-based control
    panel via HTTP (rather than SSL), or any other service that
    authenticates in the clear, then anyone who can sniff the interface can
    get into that service. If all of them happen to authenticate against
    the same database, or your authentication credentials are the same for
    all of them via some other mechanism, anyone who can sniff the
    interface can get into all of them. So changing your password will just
    make them wait until you use one of those services.

    And, finally, if it's your machine that's compromised, nothing your
    hosting provider can do will help you. Personally, when I see evidence
    that a user's machine is compromised, I firewall it out until it's
    fixed, and keep an eye on it for a while after letting it back in.

    --
    Art Sackett,
    Patron Saint of Drunken Fornication
    Art Sackett, Dec 7, 2004
    #13
  14. Neal

    Toby Inkster Guest

    Neal wrote:

    > And would changing the password to something random effectively stop an
    > active hacker?


    Once the hacker has been on your system and installed whatever backdoors
    he likes, what makes you think he *cares* what your password is?

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Dec 7, 2004
    #14
  15. Neal

    Mark Parnell Guest

    Previously in alt.html,alt.www.webmaster, Neal <> said:

    > I had a dream last night that I was working on a webpage when all of a
    > sudden I was noticing things in the source I hadn't added.

    <snip>
    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?


    Slow down on the martinis.

    --
    Mark Parnell
    http://www.clarkecomputers.com.au
    Mark Parnell, Dec 7, 2004
    #15
  16. GreyWyvern wrote:

    > On Tue, 7 Dec 2004 12:14:05 -0500, Karl Core <>
    > wrote:
    >
    > [snip]
    >
    > And just *where* have *you* been, mister!?! Do you have any idea what
    > time it is??????


    Just thinking the same myself!

    --
    Charles Sweeney
    http://CharlesSweeney.com
    Charles Sweeney, Dec 7, 2004
    #16
  17. Neal

    Average_Joe Guest

    In article <>, Neal wrote:
    > thankfully it was all a dream. But it made me think - I really don't know
    > for sure all I'd need to do in such a situation.
    >
    > Now, how would you handle this scenario in real life? What's the best
    > approach to follow?
    >
    > What will my host need from me to track down these hackers? And would
    > changing the password to something random effectively stop an active
    > hacker?


    No, it would not stop an active hacker. Changing a password won't 'take'
    until Mrs hacker logs in again.

    Matter of fact, a hacker might have changed the password right away to
    prevent you from doing just that.

    If you've got physical access, you're in luck, just pull the network
    cable.

    If I had shell access (Hosted machine) I'd change the password and then
    quickly kill the attacker's login process ID.

    A lot of folks don't realize this, but plain FTP sends the password
    plain-text, as does POP. Kill off those services if you're using
    them and replace them with something based on SSL.

    Jamie
    --
    http://www.geniegate.com Custom web programming
    User Management Solutions Perl / PHP / Java / UNIX
    Average_Joe, Dec 8, 2004
    #17
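The point made in Art Sackett's and Average_Joe's replies above, that a login started before a password change stays alive until its processes are killed, can be checked from a shell account. The script below is an added example, not code from any poster in the thread: it reads `who`-style output, picks out the sessions of one user that began before the password change, and prints the `pkill` commands an administrator would review. The function names, the sample lines (documentation addresses) and the change time are constructed, and the ISO date layout of `who` is an assumption.

```shell
#!/bin/sh
# Added example: list logins that survive a password change.
# Assumed input layout (GNU `who` default): USER TTY YYYY-MM-DD HH:MM (HOST)

# Constructed sample of `who` output; addresses are documentation ranges.
sample_who() {
cat <<'EOF'
neal     pts/0        2004-12-07 09:58 (192.0.2.10)
neal     pts/3        2004-12-07 10:11 (203.0.113.45)
art      pts/1        2004-12-07 08:30 (192.0.2.20)
neal     pts/4        2004-12-07 10:40 (192.0.2.10)
EOF
}

# stale_sessions USER "YYYY-MM-DD HH:MM"
# Reads who-style lines on stdin and prints "TTY HOST" for every session of
# USER that started before the given password-change time. ISO timestamps
# sort correctly as plain strings, so no date arithmetic is needed.
stale_sessions() {
    awk -v u="$1" -v t="$2" '
        $1 == u && ($3 " " $4) < t {
            host = $5
            gsub(/[()]/, "", host)
            if (host == "") host = "local"   # console login, no remote host
            print $2, host
        }'
}

# kill_plan USER "YYYY-MM-DD HH:MM"
# Dry run: prints one pkill command per stale terminal instead of running it,
# so the list can be checked before anything is terminated.
kill_plan() {
    stale_sessions "$1" "$2" | while read -r tty host; do
        printf 'pkill -KILL -t %s  # from %s\n' "$tty" "$host"
    done
}

# Password changed at 10:28 (constructed): the 09:58 and 10:11 logins are
# still alive under the old credentials; the 10:40 login used the new one.
sample_who | kill_plan neal "2004-12-07 10:28"
```

On a live system the input would be `who | kill_plan "$USER" "<change time>"`. A familiar source address does not clear a session: in Art Sackett's account the intruder was working through the client's own laptop.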
  18. Neal

    Dylan Parry Guest

    Dylan Parry, Dec 8, 2004
    #18
  19. Neal

    Karl Core Guest

    "GreyWyvern" <> wrote in message
    news:o...
    > On Tue, 7 Dec 2004 12:14:05 -0500, Karl Core <>
    > wrote:
    >
    > [snip]
    >
    > And just *where* have *you* been, mister!?! Do you have any idea what
    > time it is??????
    >
    > Grey


    I've been hiding out on alt.html. Lower signal-to-noise ratio than you
    crazy kids on AWW


    --
    -Karl Core
    Please Support "Project Boneyard":
    http://www.insurgence.net/info.aspx?action=band&item=boneyard
    Karl Core, Dec 8, 2004
    #19
  20. Neal

    Matt Probert Guest

    Once upon a time, far far away, the king summoned SpaceGirl
    <> who replied:

    >http://www.probertencyclopaedia.com wrote:
    >
    >> Matt
    >>
    >> --
    >> If your encyclopaedia doesn't list "widget glass", you're reading the wrong encyclopaedia.
    >> The Probert Encyclopaedia. Its not the same.
    >> http://www.probertencyclopaedia.com

    >
    >btw, change your handle Matt!!!!
    >


    Sorry, just noticed that. AGAIN! Sorry!

    Matt

    --
    If your encyclopaedia doesn't list "widget glass", you're reading the wrong encyclopaedia.
    The Probert Encyclopaedia. Its not the same.
    http://www.probertencyclopaedia.com
    Matt Probert, Dec 8, 2004
    #20