 
| Registered Join Date: Oct 2003 Location: Roseville, CA 
					Posts: 3,066
				 | 
				
				My turn to wear the dunce cap...big time
			 
			Some of you may not follow all this, just know the point of the story is I was a BIG idiot. My job requires me to interact with an internal server but our customers log into it from outside our network so I do a lot of testing from my home server to test incoming connections. I needed a Windows 7 machine to test some things so I grabbed the free virtual hard drive from Microsoft and created a machine on my server. The VHD is clean and they give me (everyone) the same administrator password, with the idea that even a complete moron would at least change the admin password.... except one. I set up my own admin account and completely forgot to change/disable the built-in account. Normally this wouldn't be a huge deal except I had to open remote desktop to log into it from work. I was working away a couple days ago and then kept getting kicked off by the "administrator". So I logged in and as I'm typing the default password, it started to dawn on me what happened. When I got on, there was a directory open transferring files that had a ton of Russian text in the names. Yep, took the hackers less than a week to find my open port and figure out the damn admin password was still default. I quickly shut down the machine but I'm sure damage was done. This morning I found out someone hacked my Hilton account and took most of my points. Luckily Hilton is giving them all back, and I'm actually pretty sure this is a coincidence since one of the stays they made was on September 25 which is the day before I created the machine, but still weird. Also luckily I use a password manager that makes it very easy to quickly change all my important passwords, but I get to spend a bunch of time this weekend cleaning up after this mess. Lesson learned...CHANGE THE DAMN DEFAULT ADMIN PASSWORDS!!!!!
				__________________ 1992 968 Polar Silver 2010 Toyota Highlander SE 2006 Lexus LS430 ML | ||
|  10-02-2015, 08:31 PM | 
| Slackerous Maximus Join Date: Apr 2005 Location: Columbus, OH 
					Posts: 18,205
				 | 
			Yup. I'm a networking (MSFT/Cisco) guy by trade, but these days I'm doing Ruby on Rails development. If you're going to include a boolean operator in your users table, I would humbly submit that you call it something other than....wait for it....:admin.
		 
				__________________ 2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. | ||
|  10-02-2015, 08:51 PM | 
| ? Join Date: Apr 2002 
					Posts: 30,582
				 | 
			I used to wear many hats too: Systems programmer, networking, design, firewalls, etc. for major corps that were under constant attack. Don't do that no more.... I forgot one hat: pointy. Bet you don't do that again | ||
|  10-03-2015, 03:53 AM | 
| non-whiner Join Date: Aug 2012 Location: Slightly right of center 
					Posts: 5,235
				 | 
			I downloaded Java this morning. Can't really start my day without it.
		 
				__________________ "Too much is just enough." Last edited by mreid; 10-03-2015 at 05:31 AM.. | ||
|  10-03-2015, 05:12 AM | 
| Back in the saddle again Join Date: Oct 2001 Location: Central TX west of Houston 
					Posts: 56,331
				 | 
			Not exactly the same situation, but I used to remote into my home PC from work.  I set up the firewall to only allow the RD connection from my work proxy IP.  I didn't want the whole world having a shot and getting into my PC.  I would think you could do the same thing whether it be limiting your work PC RD from your home IP or if the IP changes often, you could at least only allow the RD connection from the subnet that your DHCP address comes out of.  Even if you don't have access to the corp firewall to do that, you could always use the firewall that's built into Windows.  It's better than nothing.
		 
				__________________ Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa  SOLD 2004 - gone but not forgotten | ||
|  10-03-2015, 06:10 AM | 
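The source-address restriction suggested in the post above, together with a check of the built-in account from the opening post, as an added example that is not part of any post in this thread. It assumes an elevated PowerShell session on English-language Windows 10 / Server 2016 or later (the `NetSecurity` and `LocalAccounts` modules); the addresses in `$AllowedSources` are constructed placeholders from documentation ranges.

```powershell
# Added example: audit inbound Remote Desktop exposure and lock it down.
# $AllowedSources is a constructed placeholder; replace with your work proxy IP or subnet.
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')

function Get-OpenRdpRule {
    # Enabled inbound allow rules in the built-in "Remote Desktop" group
    # whose remote address filter is unrestricted ("Any").
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow' -and
            (($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any')
        }
}

function Get-BuiltinAdministrator {
    # The built-in administrator keeps RID 500 even if it has been renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
}

# Restrict every wide-open RDP rule to the allowed source addresses.
foreach ($rule in @(Get-OpenRdpRule)) {
    Write-Warning "RDP rule '$($rule.DisplayName)' accepts connections from any address"
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedSources
}

# Disable the built-in account if it is still enabled.
$admin = Get-BuiltinAdministrator
if ($admin -and $admin.Enabled) {
    Write-Warning "Built-in account '$($admin.Name)' is enabled; disabling it"
    $admin | Disable-LocalUser
}
```

On Windows 7, where these modules are not available, the same two changes are made with `netsh advfirewall firewall set rule group="remote desktop" new remoteip=<address>` and `net user Administrator /active:no`.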
| Registered Join Date: Oct 2003 Location: Roseville, CA 
					Posts: 3,066
				 | 
			There is, figuratively, a list of 1 million things I could/should have done to prevent this, and I skimmed right past all of them. My sys admin friend said I probably didn't get attacked earlier because if it were him, this was SO wide open, he would have thought it was a trap. So far I think the damage was limited, luckily this server is on a separate sub-lan than my others at home, but the real danger is I have Firefox set up to sync all my stuff, and it did on my personal admin account, so they may or may not have got to that. It's somewhat encrypted, but doesn't make me feel better. All passwords to important stuff are changed, now I just sit back and hope my money is still in my accounts every morning! I knew some of you all would get this, I try to tell my wife what happened and she gives me that blank stare...
				__________________ 1992 968 Polar Silver 2010 Toyota Highlander SE 2006 Lexus LS430 ML | ||
|  10-03-2015, 07:53 AM | 
| Driver, not Mechanic Join Date: May 2013 Location: SF Bay Area 
					Posts: 3,011
				 | 
			I just got an email from Scottrade that my information was compromised two years ago.  Damn.
		 | ||
|  10-03-2015, 08:31 AM | 
| least common denominator Join Date: Aug 2001 Location: San Pedro,CA 
					Posts: 22,506
				 | 
			So... you are telling me "password" is not an acceptable password?
		 
				__________________ Gary Fisher 29er 2019 Kia Stinger 2.0t gone  1995 Miata Sold 1984 944 Sold  I am not lost for I know where I am, however where I am is lost. - Winnie the poo. | ||
|  10-03-2015, 09:30 AM | 
| Registered Join Date: Oct 2003 Location: Roseville, CA 
					Posts: 3,066
				 | 
			Whoa there Scott, I'm not an idiot (contrary to my first sentence). The default admin password was not "password"... it was Password1
				__________________ 1992 968 Polar Silver 2010 Toyota Highlander SE 2006 Lexus LS430 ML | ||
|  10-03-2015, 12:55 PM | 