JackGriffin wrote:I took most of the last week off the computer. I was really pissed over this and I didn't want to say something angry. Please let me close this project out correctly though and fill you in with the rest.
The server was being hammered almost from the time it was switched on. I'm going to post some logs here but I'm not going to post the IP that actually succeeded in getting in. It resolves to a proxy connection anyway, bounced through one of Hotspot Shield's servers. You Linux guys would enjoy scanning this log, you will see how I was learning to use putty and attempting to set up a usable FTP server within the redirect. I ended up just using SFTP as I could never get the FTP to work right. The non-Linux guys will still enjoy looking at the never-ending attempts to gain access to the server. Anyway, feel free to look. This is a small portion of what was happening (log is lengthy and attached). Yes, that's my real IP. Yes, I did not scrub the logs of my personal stuff. I don't give a shit any more, there's nothing left to hack at.
Apache and everything installed OK, the server was visible and useful. When the person who trashed the server connected they knew what they were doing. They basically walked right in, cleared the Auth.log and trashed the server (above was a save I had made the day before). Apache was pointed towards non-visible folders to take the site offline and the redirect folder was emptied. I could still putty in but couldn't stop it, mostly because I didn't know how. This person didn't seem to have root access as the password was never changed but nothing else was off limits to them (I think).
I logged out and contacted the host. They gave me their access records but it wasn't much help. As I said the accessing IP was proxied.
Shortly after this I talked with Ferali and he gave me some advice, which I took to my son's tech teacher actually. They have a LAN party at the High School every Friday and I talked with him about what had happened. He confirmed what I had been told, there are vulnerabilities in Ubuntu 12.04 and in fact he was going to set up a webserver in the class and allow it to be taken over by hackers so the kids could watch it "live". It's a shame they missed this one :rollseyes:
It was my sincere hope that this would be left alone but it wasn't. I made it clear that it was only for redirect files and the site structure showed that but it still wasn't good enough. I've spent a lot of hours and time helping a shitload of people in UT fix things, this wasn't deserved. Yeah UTP made cheating hard for a little while but if that's the payback reason it's a weak one.
Anyway as I said this really takes the wind from my sails. I probably will just go back to being a random player when I feel like a little UT action and leave this stuff to the people who are obviously more capable than I am. Huge thanks to Scarface and Ferali for the help they offered and gave. I'm sorry directly to the people this was going to help too. You are the ones who suffered the most.
OK, that'll do it for this project. Peace gentlemen (and you too paper)
what? ...what did I do?
Your sons IT teacher should be highly praised. I doubt his lessons are standard. All schools should be run on Linux.
