+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Coding Thread, Urgent Help Plz in Coding and Web Development; You also need to wipe and reinstall your machine(s) from your last know good backup. As your entire system is ...
  1. #16

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223
    You also need to wipe and reinstall your machine(s) from your last know good backup. As your entire system is compromised, you can no longer trust it.

  2. #17

    Join Date
    Feb 2008
    Location
    Stevenage, Hertfordshire
    Posts
    111
    Thank Post
    3
    Thanked 8 Times in 5 Posts
    Rep Power
    14
    you also need to look into securing sensitive data on removable storage!

    that is then secured itself.

  3. #18

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,855
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    181
    And into the details of the Data Protection Act. Depending on your setup and activities you may find that you are also liable for not looking after the data entrusted to you adequately.

  4. #19
    greenfieldsupport's Avatar
    Join Date
    Mar 2007
    Location
    Newton Aycliffe, Durham
    Posts
    240
    Thank Post
    14
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    I second views of people who have already posted.

    The game is of your least priority.

    Archive any logs you may have, as well as his ip's and a backup of your forum / game.

    Take the machine down.

    Remove it from the internet and restore it from a backup.

    I imagine your problem may have been that you use the machine that all of this is hosted from ( as a user ) Ideally you should use a separate machine, or at least a user with rubbish privileges. Your machine SHOULD NOT be in a DMZ. your NAT firewall will offer you some protection but you should only forward ports necessary for the services you require.

    You do have an obligation to your users to explain that your website / server has been compromised.
    you will have to reset their passwords and give them the new ones, and you will have to warn them they should really cycle all the passwords they have associated.

    Mr script kiddy just needs to try stuffing some of the e-mail addys / password details into paypal, and then bad things could happen.

    What game is it that you host? I may be able to give you some pointers...

    but back to the basics.

    Contact your isp / the authoritys
    Inform your users of the problems,
    Take the machine down,
    Restore from a known good backup,
    Cycle all important passwords (anything without pleb access)
    Implement a hardware firewall
    or even a software based one if you have to but ensure your machine is not in a demiliterized zone.

    Change ports of services you dont need the public to access. even just adding numbers to the front so
    FTP : 21 > 57021
    SMTP : 25 > 57025
    POP3 : 110 > 57110

    Hope this helps abit...

  5. #20

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by contink View Post
    Can I assume from your comments that you're hosting a game server on a machine at home via your ADSL or cable connection?

    Can I also assume that you haven't protected this machine using a firewall or locked down the ports to the absolute minimum?

    If the question so far is "no", your really need to spend a bit of time learning about hardening your server and look to invest in a firewall... smoothwall will do an excellent job if you can find an old box from somewhere to host it on.


    As to game servers, can't help much....

    But your primary concern at this point is to notify ALL your game users that their details have been compromised and to start changing passwords on ALL their forum, online banking, etc... accounts. You can bet most of them will be using the same username/ID and password in a plethora of places so if their password (even the hash) is compromised it's only a matter of time before things like ebay, paypal, etc... start getting hacked..

    They will also need to check their AV and malware security, firewalls, etc... because you can bet your script kiddie hacker/cracker is going to be having fun with trying to crack their home PC's, email addresses and all the rest.

    In truth your game is currently the last of your problems... Some serious warnings to your users and a lot of reading up on security, etc... is a priority now.
    Yea im running it from home as i cant afford hosting yet. Ive got Widows Firewall and ive only got the ports i need open on the router. Ive got AVG aswell.

    Ill contact all my members now.

    Brendan

  6. #21

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,855
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    181
    This wouldn't be your Runescape server would it?

    Windows Firewall and AVG really aren't going to cut it. Not if you insist on opening laden attachments anyway.

  7. #22

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yea it is my runescape server. And i havent opened any attachments.

    Brendan

  8. #23
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,790
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    117
    Quote Originally Posted by Warren-Plus View Post
    Yea it is my runescape server. And i havent opened any attachments.
    I'm afraid whether you have or you haven't windows firewall and AVG as your only security measures had my mouth hanging open in dismay.

    I could butter it up some for you but really I think you've just learned a very harsh lesson in reality. That the system is your main machine means you've left yourself even further at risk.

    If you've every done anything even remotely ecommerce related (ie: bought off of Amazon, paypal, etc...) I would strongly advise you to consider calling your bank and any card providers and ask them to re-issue cards... Assume basically they your entire life is compromised and start over. You really can't be too careful.

    Then take a long hard look at firewalls (not just software ones, look at hardware too) as a starting point to securing your network connection. As Geoff said, wipe your machine and start over, completely. I'd also look at a completely seperate box for hosting your game server if you decide to return to that...


    I think to provide an analogy... You've done the equivalent of walking into Harlem with a biiiiiig bag and a 15 foot sign on it saying "I have a million dollars in my bag, I hate black people and I'm carrying a fake rubber knife for protection... Rob me!".

    That probably doesn't even go far enough to be honest... But hey, you're still alive and it's an analogy so you can always learn from it

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Urgent: Need a UPS
    By Oops_my_bad in forum Hardware
    Replies: 10
    Last Post: 23rd January 2008, 02:29 AM
  2. Please Help URGENT
    By gibboap in forum Hardware
    Replies: 18
    Last Post: 6th December 2007, 11:27 PM
  3. Urgent: NEC VT58BE
    By wesleyw in forum How do you do....it?
    Replies: 3
    Last Post: 20th May 2007, 03:47 PM
  4. Urgent screensaver
    By Grommit in forum Windows
    Replies: 5
    Last Post: 31st October 2006, 12:57 PM
  5. urgent need IE7
    By russdev in forum Windows Vista
    Replies: 8
    Last Post: 19th December 2005, 12:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •