Merrioc

I will keep this brief someone hacked one of our servers and proceeded to delete the entire file system. I have filed a police report, but after meeting with the computer crimes division I was told I have no case since the IP of the attacker was from Intuit Inc corporate office in California (I am in California also) and could be ?anyone?. Though I have pounds of circumstantial information (all logging was done through NFS to a different box), I can?t prove ?who? was at the terminal when it occurred. I was put out of business by this action as well as destroyed year?s worth of work (don?t tell me about backups this WAS the backups). The police informed me that I may have a civil case. Suggestions? Lawyer recommendations?

LiveDose

Kill the fucker.

No, seriously.

NTSS

If the police investigate thoroughly, they should be able to find out exactly who did it. Sounds like they are not up to the task.

__________________
ICQ: 150-803-430
Email: marketing7(at)cox(dot)net

wdsguy

you are screwed if they can't figured out who it is. Most likely the hacker was at a remote location and went through the attacking box.

naitirps

My guess is a box at intuit was compromised and was just used as a route... also, the intuit box is already destroyed or cleaned most likely. do a reverse on it, or a trace, try to determine if its a core file system box of theirs such as a mail server or something of that sort... chances are it was compromised as well.

sucks bro, sorry for your loss - how did they get in?

__________________
Programmer
ICQ 44035273 | AIM spritwork | Email spritian at spritian dot com

wdsguy

have you tried contacting the Intuit system administrators for help on this? they might have some logs that might be helpful. If this was a backup machine, why was it connected to the net?

Merrioc

In orange county California there is 1 (yes one) electronics crimes investigator. There is nothing to investigate. I know who did it (it was my former webmaster) he had a backdoor acct I was unaware of. I know he consulted to intuit at the time in question. I also was hosting his girls personal site. Basically it went down like this. His home PC logged into the FTP deleted her info (1 day before he had copied it to another server again its in the logs) went to lunch came back logged in again, copied the DB, logged out. Then only hit to her site that day not from his home IP, was the one hit from the intuit ip. 57 second later he logged in via ssh on the same intuit IP and did a rm ?rf / sudo command. There were no failed attempts at any point from the ip. It wasn?t brute force, and he used the extra acct that shouldn?t have been there.

Merrioc

I was in the process of consolidating and moving all my webservers. I had 6 servers at different datacenters around the country, I got a sweet hosting deal and was centralizing my servers. All the sites, DB, applications were being copied to this 1 box, which was the new box at the new datacenter, and was going to be the backup box. This happend litterally RIGHT after I had just finished the last server transfer.

Alky

lol.... i dont get it... dont tell you to backup because they were the backups, but you had all the logs mirrored onto another server. seems like your priorities were a little screwed

Merrioc

the system is 3 hops down on there IP block, possibly a server, but again, he did custom dev for them at that time frame so he was working on the server, I doubt it was a compromised box.

as far as the logs; no I just finally met with the Investigator today and I didn't want to contact them tell I knew if the police were gonna do anything or if I had a civil case.

Merrioc

my god Alky your right... well that just solves all my problems I feel so much better now.

kernelpanic

With that kind of police statement, you won't have grounds.

__________________


ZangoCash - Turn Your Traffic Into Ca$h.
$.40 Per Install - No Tier

woj

if he only did rm -rf / it should be possible to recover all the data by the way...

__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

Merrioc

police took the drive as 'evidence'
also it was a ReiserFS file sys not ext2/3 don't know how to recover it. If it was ext3 yea easy

sudo: merrioc : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/bin/rm -rfd

stev0

Someone hacked my server and replaced all of my links with their CeCash affiliate liniks a while back... I reported it, but unfortunately I never heard back...

V_RocKs

If he was in the United States (and still is) hit me up at v[at]weasel.net. I can be of help to you.

V_RocKs

BTW, I am kinda fucked up right now, I will get back to you in the morning or afternoon PST

SpikeTheJock

My site got hacked once - some hacking group from Brazil deleted all the content.

decrypted

google iptables and deny ssh from anyone except ur ip

__________________

Konrad - ICQ 59416956

buddyjuf

really sorry to hear what happened dude

BukkakeBrown

that sucks dude, i know how it feels

__________________
We are the only "Napster of Porn" and
we convert at 1:20 Test out promoting
us to your mainstream, adult and email
traffic, you will love promoting us!

FilthyRob

That sucks dude! I feel like I am hacking myself today. I have deleted 1000's of my own pages.

__________________
AKA - Clubsexy

mikeyddddd

Sure you can sue. Remember OJ? He was found innocent in criminal court, but liable in civil court.

__________________

iwantchixx

worst part is, if you went and punched the fucker the cops would be right there toa rrest you.

The law is fucked up sometimes. It doesn't take internet business seriously unless it's a fortune 500 company.

kernelpanic

Get the drive back from the cops and take it to data recovery specialists. Provided the cops didn't fuck it up, you can get most of the data back

__________________


ZangoCash - Turn Your Traffic Into Ca$h.
$.40 Per Install - No Tier

warlock5

Does he have any assets you can go after?

Merrioc

I don't want to go after him, I want to go after intuit since it was there IP on an ADSL line (so I REALLY doubt its a server)...

I don't really care about him, he doesn't have enough asset to be worth my time... I got his best asset anyhow... his girl