
Hackers Question


Sorry to hear about your hackers...

I'm studying this stuff in school... but I've never really been exposed to this in the real world... I'm curious... can I ask about your backup practices? Like frequency of backups? Medium used? Type of RAID setup?

Is that too confidential?


This was moved from http://www.cerb.ca/vbulletin/showthread.php?t=39795, the thread about the site going offline, as this is a tech question so I felt it would be best asked over here.

I use a simple RAID 1 setup (mirroring) for the disk that has the database.

We use a backup system that backs up incrementally every day, and once a week it does a full backup and uploads the backup to a NOC server. ("NOC" stands for network operations center and is a server that is not online but only accessible on the local network.)

We use a crontab to repair, optimize and then back up the database fully once a night with a database dump. This backup is gzipped then uploaded to the NOC server as well.

The NOC server stores backups for a LONG time so we could go back a few months if needed and do a restore from sometime in history. The NOC server also uses RAID 1 mirroring just in case.

Most malicious "hackers" we see are spammers. They only really have two goals...

1) Spam.

2) Infect with malware/spyware/trojans.

So you have the hackers who try to take over your server and use it to send 10000's of spam emails.

You have the guys who run bots to post SPAM posts on forums like this one. (Some get creative and find ways to circumvent the security, but really they are wasting time on boards that are moderated well.)

You have hackers who will infect a server with a script that will add hidden links to all the website pages. When someone views the webpage it will try to redirect them to a site that could infect them with a virus/trojan/spyware/malware/etc... or they upload the script to the computer that infects them directly from the actual hacked server. This usually gets popular when a new web browser exploit is found that allows a hacker to install a script onto someone's computer without them agreeing to the install. Usually some sort of spyware or malware is most common.

Finally, we have "script kiddies". These are usually more of an annoyance than anything else, but the occasional one sometimes gets lucky with a server or two where the admin has some weak password. Script kiddies are the amateur hackers (usually just learning) who run dictionary scripts on passwords. So if you check the server logs you see 100's of attempts from someone just randomly trying passwords. Software like APF/BFD stops these guys, and sometimes they cause the server load to increase, so it's good to keep them off the servers too.

Script kiddies like to do stuff like SYN flood attacks (DOS attacks) too. In order to do this and not get caught they need to first hack a few servers and use those servers to attack the one the hacker wants SYN/DOS attacked (or a trojan/virus/worm on enough computers with a time where these unsuspecting computers would all attack a specific server).

If they were silly enough to try to DOS/SYN a server using their own computer, the ISP they use would quickly terminate the internet service on them and shut them down... a lot of people get viruses and the ISP they use (Rogers/Bell/etc.) detects that they are SYN/DOS attacking someone or sending 1000's of SPAM emails and the ISP closes the account. The account owner often does not realize his/her computer has been infected and is doing all this in the background. They just notice the internet seems slow.

So anyone out here with a PC that does NOT have an up-to-date antivirus... you need to get one, as you guys/gals who don't run antivirus and use Windows are the biggest cause for our (system administrators) headaches usually.

Hope that answers your questions... and more.

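The dictionary attacks described in the post above appear in the auth log as bursts of failed logins from one source address. The following is an added example, not part of the original post and not how APF/BFD is implemented: a minimal detector run over constructed sshd log lines, where the threshold, time window, year and sample addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Mar  3 02:14:01 web1 sshd[4121]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  3 02:14:03 web1 sshd[4123]: Failed password for invalid user admin from 203.0.113.9 port 40114 ssh2
Mar  3 02:14:05 web1 sshd[4125]: Failed password for invalid user test from 203.0.113.9 port 40116 ssh2
Mar  3 02:14:08 web1 sshd[4127]: Failed password for invalid user oracle from 203.0.113.9 port 40118 ssh2
Mar  3 02:14:10 web1 sshd[4129]: Failed password for root from 203.0.113.9 port 40120 ssh2
Mar  3 02:14:12 web1 sshd[4131]: Failed password for invalid user postgres from 203.0.113.9 port 40122 ssh2
Mar  3 02:20:44 web1 sshd[4140]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 02:21:02 web1 sshd[4142]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Mar  3 09:45:30 web1 sshd[5001]: Failed password for alice from 198.51.100.20 port 52010 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=10), year=2024):
    """Map each IP with >= threshold failures inside a sliding window to the users it tried."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated daemons are ignored
        # Classic syslog timestamps carry no year; `year` is an assumption.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the left edge until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: repeated failures, usernames tried: {', '.join(users)}")
```

The single mistyped password from 198.51.100.20 stays below the threshold, which is the property that keeps a legitimate user from being blocked alongside the scanner.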

Ah, but should we mention the whole white hat versus black hat hacking too? Of course then we'd have to get into the whole soft/hard/wet-ware (posting this on cerb just shed a whole different light on that meaning! Lol) aspects too...

Well said on the keep anti-virus up to date mod!

Posted via Mobile Device


Antivirus is for Windows-based machines! We live in a *nix world here.


Mod,

Cool to hear a bit about your server setup! Over the past year I've been putting my clients on virtually hosted servers - backed up on other services of course, depending on how important the client's data is. It's generally given me way fewer headaches and reduced my costs, especially taking into account the time and expense needed to physically administer my own hardware. That being said, I'm thankful that you're running your own server for this site, given the sensitive nature of the material. And yeah, *nix rocks!

Thanks for all the hard work you put into running this site, this coming from a guy who knows just how difficult the job can be!


Yes, *nix is awesome. Any of you by chance know how to make a PS3 run Lin without negating online ability?

Mod - sorry, I know this is not the best forum for this post, but you guys seem to know your stuff and I didn't want to pollute your board!

Posted via Mobile Device


Many forums exist for hardware hacking a PS3. Probably best to search and ask on those.
