garys_2k | Premium | join:2004-05-07 | Farmington, MI | 1 edit | reply to elias
Re: [Hacked] DarkMailer?

Can't find it right now, but an earlier (but not very old, maybe a couple of revs back) version of VNC would allow logins with NO passwords, no matter how the server was configured. This was just recently fixed. That's my bet on how the box got owned.

Edit: Might as well run it through the steps in here, too: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

ghost16825 | Use security metrics | Premium | join:2003-08-26

Yes, it's quite likely this was the source of the compromise: »VNC Flaw

-- The previous signature has been removed due to recent and continuing website "ownership" issues.

elias | Premium,VIP | join:2000-07-24 | Miami, FL | reply to garys_2k

said by garys_2k:
> Can't find it right now, but an earlier (but not very old, maybe a couple of revs back) version of VNC would allow logins with NO passwords, no matter how the server was configured. This was just recently fixed. That's my bet on how the box got owned.
> Edit: Might as well run it through the steps in here, too: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Yes, I now do believe that VNC was the culprit, especially after checking the logs. It seems to show an IP address that kept connecting to VNC.
I asked my GF, and she hadn't connected to her computer remotely (yet) which means her computer wasn't "locked" at the time.
I downloaded the latest version of VNC, but am no longer running it as a service. This time I just made a shortcut to the server on the desktop, so that if she needs help, she can just launch it as needed, and then close it when finished.
I also closed the VNC port on the router. I will open it as needed, and not on the default port number.

-- My Webmaster Gig | Crunching the Midnight Oil