[NBLUG/talk] My sad VPS story

micxz micxz at micxz.com
Wed Jul 13 23:07:42 PDT 2011


> As requested, the slides from my talk last night are posted on my website:
> http://frankb.us/virtual

Cool, thanks for that, Frank.

I'd like to share my sad story of moving from a dedicated server to a VPS
at Hostgator. It's slightly off topic (re-threading) and a long story,
so I will give you guys the short version:

- I purchased a VPS server.
- Tried to migrate my sites/mail etc. with Plesk software, and that failed.
- Because the failed migration messed up the Plesk database, my
provider said the only way would be to re-image the VPS.
- After re-imaging there was an issue with the mysql password.
- A Linux admin at my provider logged in and reset the pass without
restarting the server normally.
- I was unaware of this as I continued to work on the migration.
- For just over 24hr mysql was running (skip-grant-tables) with a hole
in the firewall for all the public to access.
- Someone updated the admin password for Plesk, set up a cron job for
root to create user "sendmail" with uid 0, and logged in and proceeded
to install a rootkit!

If you would like the long version you can view it here:
http://www.linuxquestions.org/questions/linux-security-4/more-than-one-uid-0-centos-plesk-10-x-889593/

A week of real stress having to deal with the compromise and the migration, and
explaining this to all my clients. I've been hosting for many years, and this
is the first (hopefully last) for me actually getting r00ted. My
provider has apologized many times over and has credited my account
for months to come. I felt violated. Anyhow, thanks for listening, and
now it's back to R/L.

-- 
Micxz
0100110101101001011000110111100001111010
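Added example, not part of the original post: a small Python audit for the three signs described in the message above (a second uid 0 account, mysqld left running with skip-grant-tables, and a root cron job that touches accounts). The function names and all sample inputs are constructed for illustration; on a real host you would feed in the contents of /etc/passwd, the mysqld command line, my.cnf and root's crontab.

```python
import re

# Constructed sample inputs modelled on the post; not taken from the real host.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
sendmail:x:0:0::/home/sendmail:/bin/bash
"""
SAMPLE_MYSQLD_CMDLINE = "/usr/libexec/mysqld --datadir=/var/lib/mysql --skip-grant-tables"
SAMPLE_MY_CNF = "[mysqld]\n# skip-grant-tables\nbind-address=0.0.0.0\n"
SAMPLE_ROOT_CRONTAB = "# m h dom mon dow command\n*/10 * * * * /usr/sbin/useradd sendmail\n"

# MySQL accepts dashes and underscores interchangeably in option names.
SKIP_GRANT = re.compile(r"^\s*(--)?skip[-_]grant[-_]tables\b", re.IGNORECASE)
ACCOUNT_CHANGE = re.compile(r"\b(useradd|adduser|usermod)\b|/etc/(passwd|shadow)\b")

def uid0_accounts(passwd_text):
    """Return every account name whose UID field is 0 (passwd(5) format)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[2].strip().isdigit() and int(fields[2]) == 0:
            names.append(fields[0])
    return names

def skip_grant_tables_active(mysqld_cmdline, my_cnf_text):
    """True if the option is on the command line or uncommented in my.cnf."""
    candidates = mysqld_cmdline.split() + my_cnf_text.splitlines()
    return any(SKIP_GRANT.match(c) for c in candidates)

def cron_account_changes(crontab_text):
    """Return uncommented crontab entries that run account tools or touch passwd/shadow."""
    return [l.strip() for l in crontab_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and ACCOUNT_CHANGE.search(l)]

def audit(passwd_text, mysqld_cmdline, my_cnf_text, root_crontab):
    """Collect human-readable findings; an empty list means none of the signs were seen."""
    findings = []
    extra = [n for n in uid0_accounts(passwd_text) if n != "root"]
    if extra:
        findings.append("extra uid 0 accounts: " + ", ".join(extra))
    if skip_grant_tables_active(mysqld_cmdline, my_cnf_text):
        findings.append("mysqld has skip-grant-tables set (no authentication)")
    for entry in cron_account_changes(root_crontab):
        findings.append("root cron entry changes accounts: " + entry)
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_MYSQLD_CMDLINE, SAMPLE_MY_CNF, SAMPLE_ROOT_CRONTAB):
        print(f)
```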



