My network works great from 9 to 5 but after that we have bandwidth issues and space disappears! Help!!

Wednesday, September 05, 2007

We have gotten several emails describing different symptoms that all came back to the same problem: they got hacked! Some people had their remote access die after 5pm, while others lost all their hard drive space overnight, but when they got to the office in the morning everything was back to normal.

Admin after admin is saying their machines are making them look like liars!
Check out these emails:


I'm having a bit of an issue with our Windows Server 2003 box. Most things are working fine but during the day hard drive space seems to be eaten up and then goes back to normal at 5pm ish. Any ideas what might be doing this? The server is being used as a mail server (Exchange), file server and print server.




I am getting hammered after hours. All my remote desktops, FTP servers go down at exactly 5:02pm. And they come back at around 8:30am. I tried blocking everything but nothing works. You got to help me so I don't get fired!


They all had one thing in common: they all had FTP servers available to the Internet. They also were not up to snuff with their Windows updates. Hackers infiltrated their servers and created hidden folders on the affected servers. They then use your space and bandwidth to store and distribute warez or other content.

If you feel you are in this situation, first try to pinpoint when it started. Then use the power of search to look for files changed on or since that date. Now you can see your possible culprits. See any huge files? Sort by file size. Have you turned on show all system files in Folder Options?
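The same search as a script: files changed on or after the suspected start date, largest first, with anything inside a hidden folder and anything written outside office hours flagged. This is an added example, not code from the original post; the function names, the 08:00 to 17:00 working window and the demo files are assumptions constructed for illustration, and a leading dot is treated as hidden so the demo also runs off Windows.

```python
import os, stat, tempfile
from datetime import datetime
WIN_HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def is_hidden(path):
    """Windows hidden/system attribute; a dot-prefix stands in for it elsewhere."""
    try:
        attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    except OSError:
        return False
    return bool(attrs & WIN_HIDDEN) or os.path.basename(path).startswith(".")

def triage(root, since, work_start=8, work_end=17):
    """Files changed on/after `since`, largest first, flagged hidden / after-hours."""
    hits, hidden_dirs = [], set()
    for dirpath, dirnames, filenames in os.walk(root):
        inside = dirpath in hidden_dirs  # files under a hidden folder inherit the flag
        hidden_dirs.update(os.path.join(dirpath, d) for d in dirnames
                           if inside or is_hidden(os.path.join(dirpath, d)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # locked or vanished: skip it and keep scanning
            when = datetime.fromtimestamp(st.st_mtime)
            if not stat.S_ISREG(st.st_mode) or when < since:
                continue
            hits.append({"path": path, "size": st.st_size, "modified": when,
                         "hidden": inside or is_hidden(path),
                         "after_hours": not (work_start <= when.hour < work_end)})
    return sorted(hits, key=lambda h: h["size"], reverse=True)

def demo_tree():
    """Constructed sample data: two normal files and one stash in a hidden folder."""
    root = tempfile.mkdtemp()
    samples = [("docs/report.doc", 100, datetime(2007, 8, 1, 10, 0)),
               ("docs/budget.xls", 200, datetime(2007, 9, 4, 10, 0)),
               (".cache/sub/movie.avi", 5000, datetime(2007, 9, 4, 23, 30))]
    for rel, size, when in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
        os.utime(path, (when.timestamp(), when.timestamp()))
    return root

if __name__ == "__main__":
    for h in triage(demo_tree(), since=datetime(2007, 9, 1)):
        print(h["size"], h["modified"], h["hidden"], h["after_hours"], h["path"])
```

On a real server, point `triage()` at the data volume and set `since` to the date the symptoms began.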

Ah there you go - 10 Gigz of French porn... hundreds of German mp3s? Whatever it is, chances are it's not going to be easy to get it off your machine. First let's disable your FTP server - if you didn't know you had one, stop the FTP Service or U-FTP or something similar. This will prevent the remote user from connecting - at least momentarily.
Now lock down your firewall and change user accounts/passwords. Apparently hackers figure they can avoid detection for a lot longer if they are not operating within business hours. Smart mother cluckers eh? Well, it works, and usually long enough to fill your file servers with crap.

Sometimes it's good crap. Maybe even some porn you will want to add to your collection. But this stuff will definitely eventually hinder your work. Have you guys seen a variation on this? I haven't seen it happen to a well-protected machine, so use this as an opportunity to lock your shiznit down, son. Don't wait until you have been hacked!