stupid stupid stupid

Discussion in 'MCSE' started by kpg, Oct 26, 2004.

  1. kpg

    kpg Guest

    OK. Someone in our fine organization left the anonymous FTP site open
    over the weekend (I'm not naming names), and of course some unemployed
    drug ridden teenage euro socialist (I'm assuming) with grims ping or some
    other such utility tagged me. So I'm trying to clean up the mess. I can
    delete all those evil little files and folders using a combination of DOS
    wildcards, UNC notation and the POSIX rm utility except for one. This one
    (named com6 and buried about a gazillion levels down) gives me permission
    denied. The drive is NTFS. ChkDsk /f on reboot fixed some stuff, but still
    no joy. Except for the MSKB articles about removing reserved word files
    there is very little I found about the subject.

    Is there any hope for me or do I have to live with this stupid directory
    tree until the next re-format?
     
    kpg, Oct 26, 2004
    #1

  2. kpg

    Consultant Guest

    heh heh
     
    Consultant, Oct 26, 2004
    #2

  3. kpg

    LnkWizard Guest

    try this site http://download.broadbandmedic.com and download Pocket
    Killbox. That helped me find and eliminate some files that were not even
    visible as an admin with show hidden and system files set. These critters
    were invisible to everything but the killbox program.
     
    LnkWizard, Oct 26, 2004
    #3
  4. kpg

    kpg Guest

    Yeah, I know. It is pretty funny.

    And it wouldn't be so bad if they had left some decent
    DVDs behind, but just some new age punk music crap.

    kp "I was thinking black market Japanese bondage" g
     
    kpg, Oct 26, 2004
    #4
  5. kpg

    Consultant Guest

    can you put up a list of mp3's that you have available for us to download,
    thanks
     
    Consultant, Oct 26, 2004
    #5
  6. kpg

    kpg Guest

    It's not funny anymore.
     
    kpg, Oct 26, 2004
    #6
  7. kpg

    Consultant Guest

    ok, then just send me the list, no need to post it up here
     
    Consultant, Oct 26, 2004
    #7
  8. kpg

    molsonexpert Guest

    A little off topic, but relevant to security: a university in Ontario got
    hacked recently, and the hacker was able to record users' keystrokes for
    later use. User info, passwords, bank account numbers, payroll info, all
    compromised. The administrator (obviously non-IT) said this: "We do what
    everybody else does when it comes to computer security, but whoever it was
    still broke in. I'm shocked". This went on unchecked for 7 months. So who's
    to blame, the doofus admin without a clue, or his IT staff, who failed
    miserably (I'd like to think they were constrained by budgeting, but it still
    isn't an excuse) and gave the admin a false sense of security (pun
    intended)? "We do what everybody else does..." is a classic.

    steve.
     
    molsonexpert, Oct 26, 2004
    #8
  9. kpg

    Mostro Guest

    do a search on the knowledge base (MS), there is a procedure for deleting
    those files, I have done it before
     
    Mostro, Oct 26, 2004
    #9
  10. kpg

    Dragon Guest

    For most companies "We do what everybody else does..." means: we care a lot
    for security, but we would rather buy a shiny new wireless PDA for our execs
    than spend a small percentage of that on our system security.
     
    Dragon, Oct 26, 2004
    #10
  11. kpg

    kpg Guest

    Thanks.

    Killbox was able to traverse below the offensive folder
    and I was able to delete the lowest level folder (with
    the stuff) but not the rest of the dir structure.

    However this tool:

    http://www.deletefxpfiles.com/

    is great. It was able to delete everything and was very
    easy to use. I used the free (unregistered) version and
    had no problem. I highly recommend it to anyone dumb
    enough to leave your FTP site open.

    kp "free at last" g
     
    kpg, Oct 26, 2004
    #11
  12. kpg

    Rowdy Yates Guest

    my favorite quote:

    "If you spend more on coffee than on IT security, then you will be
    hacked. What's more, you deserve to be hacked." Richard Clarke

    hard to believe how true this is.

    he .. he ..
     
    Rowdy Yates, Oct 26, 2004
    #12
  13. kpg

    T-Bone Guest

    That happened to us once and IIRC I was able to fix it from a command prompt
    by using the 8.3 file names.

    T-Bone
    MCNGP XL
     
    T-Bone, Oct 26, 2004
    #13
  14. kpg

    Guest Guest

    Actually it is funny that you/your company has a bunch of morons that can not
    secure the network properly.
     
    Guest, Oct 26, 2004
    #14
  15. kpg

    kpg Guest

    Now that IS funny!
     
    kpg, Oct 26, 2004
    #15
  16. kpg

    Neil Guest

    ummmm...we all know someone who works at a University in Ontario...
     
    Neil, Oct 27, 2004
    #16
  17. Rule #1 for a compromised server: Rebuild.

    Laura
     
    Laura A. Robinson, Oct 28, 2004
    #17
  18. kpg

    T-Bone Guest

    For the record, we just had a similar incident here (PHB left the FTP
    service running). There were several directories created with names like
    "LPT1<space>". I was able to find the name of the top level directory using
    DIR /x from an NT command prompt. Then I used RD <8.3 directory name> /S to
    kill the whole directory.

    Sorry to revive an old topic, just wanted to have a solution posted for the
    archives.

    T-Bone
    MCNGP XL
    Better late than never
     
    T-Bone, Nov 26, 2004
    #18
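
An added example, not part of the thread or any poster's code: a Python sketch that scans a listing of paths for the kind of names described above (`com6`, `LPT1<space>`) so the problem directories can be located before cleanup. The sample paths are constructed, and the `\\?\` extended-length prefix is a documented Win32 convention that the thread itself does not mention.

```python
import re

# Win32 reserved device names: CON, PRN, AUX, NUL, COM1-COM9, LPT1-LPT9.
DEVICE_NAME = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)

# Constructed sample listing of an FTP root after tagging (not real data).
SAMPLE_PATHS = [
    r"D:\ftproot\incoming\readme.txt",
    r"D:\ftproot\incoming\ tagged \a\b\com6",
    r"D:\ftproot\incoming\LPT1 \payload.bin",
    r"D:\ftproot\incoming\nul.txt",
    r"D:\ftproot\pub\console.log",
]

def classify(component):
    """Return the reasons a path component resists normal Win32 deletion."""
    if component in ("", ".", ".."):
        return []
    reasons = []
    # Classic Win32 path parsing ignores the extension and trailing spaces
    # when matching device names, so "nul.txt" and "LPT1 " hit the device.
    base = component.split(".", 1)[0].rstrip(" ")
    if DEVICE_NAME.match(base):
        reasons.append("reserved device name")
    # Win32 strips trailing spaces and dots, so the literal on-disk name
    # is never what the ordinary API call asks NTFS for.
    if component != component.rstrip(" ."):
        reasons.append("trailing space or dot")
    return reasons

def find_problem_names(paths):
    """Return (path, component, reasons) for every offending component."""
    findings = []
    for path in paths:
        for component in path.split("\\")[1:]:  # skip the drive ("D:")
            reasons = classify(component)
            if reasons:
                findings.append((path, component, reasons))
    return findings

def extended_length(path):
    # Assumption beyond the thread: the \\?\ prefix makes Win32 skip name
    # normalization, so the literal name is passed through to the filesystem.
    return "\\\\?\\" + path

if __name__ == "__main__":
    for path, component, reasons in find_problem_names(SAMPLE_PATHS):
        print(f"{component!r}: {', '.join(reasons)} -> {extended_length(path)}")
```
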