914World.com - The fastest growing online 914 community!
> Somebody Redecorated our place
SirAndy
post Apr 14 2006, 10:56 AM
Post #41


Resident German
*************************

Group: Admin
Posts: 41,662
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



time for a little (IMG:style_emoticons/default/icon_bump.gif) to keep this floating on top (like a turd in a pool) ...

and yes, i'm feeling better now, thanks for asking!
(IMG:style_emoticons/default/chowtime.gif) Andy
r_towle
post Apr 14 2006, 11:00 AM
Post #42


Custom Member
***************

Group: Members
Posts: 24,584
Joined: 9-January 03
From: Taxachusetts
Member No.: 124
Region Association: North East States



A true operations guy...you are a glutton for punishment.

Keep up the good work..again I will help if you get pissed.

I found a few good, free firewalls for linux..
If you are on linux, let me know..they have good ratings.

Also, I could help with your router config...if that is allowed..

rich
SirAndy
post Apr 14 2006, 11:05 AM
Post #43





QUOTE(r_towle @ Apr 14 2006, 10:00 AM) *

A true operations guy...you are a glutton for punishment.

Keep up the good work..again I will help if you get pissed.

I found a few good, free firewalls for linux..
If you are on linux, let me know..they have good ratings.

Also, I could help with your router config...if that is allowed..

rich



thank you sir!

right now, i'm pondering options and a hardware solution like one of the "cheaper" (note, i didn't say "cheap", i said "cheaper") Netscreen Firewalls is looking pretty good to me ...
(IMG:style_emoticons/default/type.gif) Andy
fiid
post Apr 14 2006, 11:14 AM
Post #44


Turbo Megasquirted Subaru Member
****

Group: Members
Posts: 2,827
Joined: 7-April 03
From: San Francisco, CA
Member No.: 530
Region Association: Northern California



QUOTE(SirAndy @ Apr 14 2006, 10:05 AM) *


thank you sir!

right now, i'm pondering options and a hardware solution like one of the "cheaper" (note, i didn't say "cheap", i said "cheaper") Netscreen Firewalls is looking pretty good to me ...
(IMG:style_emoticons/default/type.gif) Andy


We have some relationships with some firewall/ips companies - we might be able to score something for you. I have a really nice device on my home network. I'd really like to get more info on what happened - perhaps you could shoot me an email or IM?
SirAndy
post Apr 14 2006, 12:55 PM
Post #45





QUOTE(fiid @ Apr 14 2006, 10:14 AM) *

We have some relationships with some firewall/ips companies - we might be able to score something for you. I have a really nice device on my home network. I'd really like to get more info on what happened - perhaps you could shoot me an email or IM?


(IMG:style_emoticons/default/smilie_pokal.gif) that would be cool ...


simple:

hacker guy exploits bug in old BBS software and installs custom PHP script and runs it to get domain user account info and other stuff off the machine. luckily, he didn't get any passwords.
he then adds some virus/backdoor/trojan code to the main BBS index page to attack members machines.
he then proceeds to run a "brute force" attack on the FTP and NetBios Ports, trying to crack the password and hack his way into the machine with domain admin access.

that's where we caught him and closed the door on him. that's why you see blue instead of green.
we updated the BBS software to the latest version and we upgraded PHP and mySQL as well.
the system *should* be safe now, just not green anymore.
but jeroen is working on that ...

(IMG:style_emoticons/default/givemebeer.gif) Andy
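
The brute-force stage described in post #45 is the part of this intrusion that shows up as bursts of failed logins. As an added example (not from the thread or the site's admins), the sketch below counts failures per source and service in a sliding window; the log format, addresses, user names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format: "<iso-time> <service> <OK|FAIL> user=<u> src=<ip>"
LINE_RE = re.compile(r"(\S+) (\S+) (OK|FAIL) user=(\S+) src=(\S+)")
T0 = datetime(2006, 1, 1, 3, 0, 0)  # constructed start time

def row(offset_s, service, result, user, src):
    ts = (T0 + timedelta(seconds=offset_s)).isoformat()
    return f"{ts} {service} {result} user={user} src={src}"

def constructed_log():
    """Constructed sample data; IPs are from documentation ranges."""
    rows = []
    # One source hammering FTP, then the NetBIOS session service.
    rows += [row(2 * i, "ftp", "FAIL", "administrator", "203.0.113.7") for i in range(8)]
    rows += [row(30 + 3 * i, "netbios", "FAIL", "backup", "203.0.113.7") for i in range(6)]
    # A member who mistypes twice, then logs in: should not be flagged.
    rows += [row(20 * i, "ftp", r, "member1", "198.51.100.20")
             for i, r in enumerate(["FAIL", "FAIL", "OK"])]
    # Slow guessing, one failure every 5 minutes: evades a short window.
    rows += [row(300 * i, "ftp", "FAIL", "admin", "192.0.2.44") for i in range(5)]
    return "\n".join(sorted(rows))  # ISO timestamps sort chronologically

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, service): peak failure count inside any one window}."""
    recent = defaultdict(deque)   # failure timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m or m.group(3) != "FAIL":
            continue              # skip unparseable lines and successful logins
        key = (m.group(5), m.group(2))
        when = datetime.fromisoformat(m.group(1))
        q = recent[key]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    for (src, service), peak in sorted(find_bruteforce(constructed_log()).items()):
        print(f"{src} {service}: {peak} failures within 60s")
```

The slow source is missed at the default settings and only appears with a longer window, which is why a rate threshold complements, rather than replaces, closing ports that have no reason to face the internet.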
Verruckt
post Apr 14 2006, 01:20 PM
Post #46


Senior Member
***

Group: Members
Posts: 716
Joined: 14-July 04
From: Midwest
Member No.: 2,348



QUOTE(SirAndy @ Apr 14 2006, 12:05 PM) *



right now, i'm pondering options and a hardware solution like one of the "cheaper" (note, i didn't say "cheap", i said "cheaper") Netscreen Firewalls is looking pretty good to me ...
(IMG:style_emoticons/default/type.gif) Andy


Netscreen ain't all that Andy... (IMG:style_emoticons/default/dry.gif)

Because I have WAAAAY too much shit in my basement as it is... If you want, I'll donate a Nokia IP440 firewall to the cause. Consider it my "membership fee". It was decommissioned at my work, but our bandwidth requirements are a lot more than here, so it should be MORE than adequate. Anywho, if you don't mind paying for shipping, it's yours. And I also have the latest os for it. Let me know.

Howz that for "cheaper" ?
Verruckt
post Apr 14 2006, 01:28 PM
Post #47





I guess I should add..

Your box was rooted from an exploit in the software you were using. So no amount of firewalls would have protected from that. I'm not telling you your business, just the facts. A firewall would have only stopped a few of the things you mentioned. A firewall is not a replacement for patch management. Keep the box updated as much as possible.

A firewall will definitely help though, and the Nokia is yours if you want it.
Rand
post Apr 14 2006, 01:35 PM
Post #48


Cross Member
*****

Group: Members
Posts: 7,409
Joined: 8-February 05
From: OR
Member No.: 3,573
Region Association: None



QUOTE(SirAndy @ Apr 14 2006, 10:05 AM) *

right now, i'm pondering options and a hardware solution like one of the "cheaper" (note, i didn't say "cheap", i said "cheaper") Netscreen Firewalls is looking pretty good to me ...
(IMG:style_emoticons/default/type.gif) Andy


I use Netscreen firewalls, and have been very pleased with them. I started with a little 5xp several years ago before Juniper bought them out. I like the separate hardware unit better than running a software-based firewall on the server.

Just a heads-up (I'm sure you are already aware of, but just in case...) The subscription to keep them updated is not cheap.
SirAndy
post Apr 14 2006, 01:55 PM
Post #49





QUOTE(Verruckt @ Apr 14 2006, 12:28 PM) *

I guess I should add..

Your box was rooted from an exploit in the software you were using. So no amount of firewalls would have protected from that. I'm not telling you your business, just the facts. A firewall would have only stopped a few of the things you mentioned. A firewall is not a replacement for patch management. Keep the box updated as much as possible.

A firewall will definitely help though, and the Nokia is yours if you want it.


yes, never said it would. there's another thread here somewhere where i go more into detail. i've been around this stuff for a while. firewall DOES help protect against the "brute force" attacks he was running, at least on the NetBios Port as there is NO reason to share this one with the world.

i'll gladly pay shipping! you rock ...
(IMG:style_emoticons/default/smilie_pokal.gif) Andy
SirAndy
post Apr 14 2006, 01:58 PM
Post #50





QUOTE(Verruckt @ Apr 14 2006, 12:28 PM) *

Keep the box updated as much as possible.


no problem there either. box has always been up to date with everything, EXCEPT the BBS software.
as said before, the reason behind that is/was the TONS of custom code that went into our old BBS.
all of that is lost now and has to be re-created ... (IMG:style_emoticons/default/type.gif)

and no, i'm not just talking about downloading some pre-made skin from invision ...
(IMG:style_emoticons/default/rolleyes.gif) Andy
Verruckt
post Apr 14 2006, 02:00 PM
Post #51





QUOTE(SirAndy @ Apr 14 2006, 02:55 PM) *

QUOTE(Verruckt @ Apr 14 2006, 12:28 PM) *

I guess I should add..

Your box was rooted from an exploit in the software you were using. So no amount of firewalls would have protected from that. I'm not telling you your business, just the facts. A firewall would have only stopped a few of the things you mentioned. A firewall is not a replacement for patch management. Keep the box updated as much as possible.

A firewall will definitely help though, and the Nokia is yours if you want it.


yes, never said it would. there's another thread here somewhere where i go more into detail. i've been around this stuff for a while. firewall DOES help protect against the "brute force" attacks he was running, at least on the NetBios Port as there is NO reason to share this one with the world.

i'll gladly pay shipping! you rock ...
(IMG:style_emoticons/default/smilie_pokal.gif) Andy


I never saw that other thread? What was the title? I'd like to read it.

This nokia is a 4u. I'm not sure what your hosting arrangement is, but just know that it's big. PM me and we can get down to brass tacks.
Rand
post Apr 14 2006, 02:03 PM
Post #52





QUOTE(Verruckt @ Apr 14 2006, 12:28 PM) *

Your box was rooted from an exploit in the software you were using. So no amount of firewalls would have protected from that.


Good points Kurt. And very cool to offer the firewall! (IMG:style_emoticons/default/smilie_pokal.gif)

The guys know what they are doing... they know a hole in the old board software was exploited. Hence the upgrade at the cost of a ton of customization work. The firewall would have been a huge protection for things like the port 139 attack that was happening after the site was compromised.
[edit: never mind, my post was slow (IMG:style_emoticons/default/smile.gif) ]

On skins...
Admins: Will multiple skins be supported now? Are you cool with people building some custom skins that could be submitted for approval and added to the list of choices?

This post has been edited by Rand: Apr 14 2006, 02:07 PM
SirAndy
post Apr 14 2006, 02:18 PM
Post #53





QUOTE(Verruckt @ Apr 14 2006, 01:00 PM) *

This nokia is a 4u. I'm not sure what your hosting arrangement is, but just know that it's big. PM me and we can get down to brass tacks.


got plenty of space left, more than half a rack ...

i'm going to lunch now, i'll PM you when i get back ...
(IMG:style_emoticons/default/chowtime.gif) Andy
SirAndy
post Apr 14 2006, 02:19 PM
Post #54





QUOTE(Verruckt @ Apr 14 2006, 01:00 PM) *

I never saw that other thread? What was the title? I'd like to read it.


i'll have to look for it. maybe that was on the bird board? alzheimers ...
(IMG:style_emoticons/default/confused24.gif) Andy
McMark
post Apr 14 2006, 02:46 PM
Post #55


914 Freak!
***************

Group: Retired Admin
Posts: 20,179
Joined: 13-March 03
From: Grand Rapids, MI
Member No.: 419
Region Association: None



QUOTE(Rand @ Apr 14 2006, 01:03 PM) *

On skins...
Admins: Will multiple skins be supported now? Are you cool with people building some custom skins that could be submitted for approval and added to the list of choices?


It's a possibility. (It always was)

Jeroen is in charge of look and feel. He'll have to answer this question.
markb
post Apr 14 2006, 03:23 PM
Post #56


914less :(
*****

Group: Members
Posts: 5,449
Joined: 22-January 03
From: Nipomo, CA
Member No.: 180
Region Association: Central California



QUOTE(Jeroen @ Apr 13 2006, 01:05 PM) *

ewwwww... ugly standard look (IMG:style_emoticons/default/biggrin.gif)
well good thing we have a long weekend ahead
instead of painting easter eggs I'll throw some paint around here (IMG:style_emoticons/default/wink.gif)

oh... and thanks Andy/Mark for all the hard work and getting the site up and runnin' again!



(IMG:style_emoticons/default/agree.gif)

And a big thanks to you, too, Jeroen, for all the work you will be putting in.

I'm with Jen, it's good to have our "home" back, even if it is a bit different for a while.
ClayPerrine
post Apr 14 2006, 06:37 PM
Post #57


Life's been good to me so far.....
***************

Group: Admin
Posts: 15,490
Joined: 11-September 03
From: Hurst, TX.
Member No.: 1,143
Region Association: NineFourteenerVille



QUOTE(SirAndy @ Apr 14 2006, 02:55 PM) *

QUOTE(Verruckt @ Apr 14 2006, 12:28 PM) *

I guess I should add..

Your box was rooted from an exploit in the software you were using. So no amount of firewalls would have protected from that. I'm not telling you your business, just the facts. A firewall would have only stopped a few of the things you mentioned. A firewall is not a replacement for patch management. Keep the box updated as much as possible.

A firewall will definitely help though, and the Nokia is yours if you want it.


yes, never said it would. there's another thread here somewhere where i go more into detail. i've been around this stuff for a while. firewall DOES help protect against the "brute force" attacks he was running, at least on the NetBios Port as there is NO reason to share this one with the world.

i'll gladly pay shipping! you rock ...
(IMG:style_emoticons/default/smilie_pokal.gif) Andy



Andy... just a curiosity question....

Why is the netbios protocol enabled? I doubt it is needed for this BBS. Turn it off and block netbios at the router.

My DNS server is NT 4.0. It has not been hacked. Of course the ONLY port allowed to it is port 53.


SirAndy
post Apr 14 2006, 07:51 PM
Post #58





QUOTE(ClayPerrine @ Apr 14 2006, 05:37 PM) *

Why is the netbios protocol enabled? I doubt it is needed for this BBS. Turn it off and block netbios at the router.

My DNS server is NT 4.0. It has not been hacked. Of course the ONLY port allowed to it is port 53.


first, no router. straight into the OCR pipe. well, of course there IS a router somewhere, but it doesn't belong to us (me) ...

second, NetBios is (was) enabled because the server is one of many in the colo and i have used it in the past for backups from other machines.
easiest way, set up a (password protected of course) network share and run a script at 3 am that does your backup.
werks like a charm and wouldn't be any problem at all if the 914club box was behind a firewall ...

i have netbios turned off right now until we get a firewall in front of this box ...
(IMG:style_emoticons/default/ph34r.gif) Andy