Re: Well it finally happened

**webman** · 17th April 2007, 09:40 PM

Originally Posted by Midget

so it's a standard thing from RM to have "removed" then?

Yes. But there's no excuse for people ignoring RM's advice and common sense of changing these ASAP

**eejit** · 17th April 2007, 09:41 PM

Guys, probably not a good idea to list those default passwords here.

**tosca925** · 17th April 2007, 09:56 PM

Guys, probably not a good idea to list those default passwords here

Probably not a good idea if you have these default passwords still any how.

**mmoseley** · 17th April 2007, 10:05 PM

Well i must admit, i used to "PLAY AROUND" with the network we had at school, and i must admit the techys we had always used to know it was me (and another friend), We NEVER did and i personally never would do anything malicous to the network that was never my intention it was basically find the loopholes in the network and stop other users doing the same, which the techy's appreciated!

Must admit though paying the students a few quid to grass on there mates is a brilliant idea!

**fooby** · 18th April 2007, 12:03 AM

I think it might be an idea to set passwords to words that people really wouldnt want as passwords, im thinking passwords such as bad swear words etc. I would think that people might want to change these. Or default passwords such as "vCF&£g45n" that might wind ppl up enough to change. Or potentially secure enough to leave (as long as its undocumented)

fooby

**phreak** · 18th April 2007, 08:03 AM

Sorry to hear about it Gambit. It's horrible when that sort of thing happens.
And you would have thought that a password that is telling your to change it would make some people think to change it but thats not always the case. I think RM should put some sort of "Force change of password after a few logons" rule for their admin passwords, but alas that would not help you now.

As well as doing all those other things the guys have suggested I would actually recommend running a couple of anti-spyware and virus programs as just one of each does not always cut it. Use some of the freeware ones like Spybot and Avast.
Also, if you think there may still be backdoors in the system then maybe try setting up a honeypot trap to see if anyone goes for it. I would use something like Helix Linux boot disk to do this. Alternatively if the server is severly comprimised then it might be quicker to just start again from scratch with it. Still.. better you than me. :P

Oh, and you might want to take a copy of some of the more relevent logfiles if you haven't already done so before they start to overwrite themselves with newer logs.

**Geoff** · 18th April 2007, 09:02 AM

If the police are involved, they will probably take the DC as evidence.

Therefore, you need a full backup from prior to the incident and some spare hardware to restore to.

While were here, I'd like to remind everyone of the Enterprise best practises security guides available on Technet.

http://www.microsoft.com/technet/sec...risesecbp.mspx

Further help and assistance can be had in the Security forum for anyone who wants it.

**tarquel** · 18th April 2007, 01:21 PM

Originally Posted by eejit

Guys, probably not a good idea to list those default passwords here.

Quite right.

done

Whether people should change default passwords or not, it's one I've seen in alot of things, and people are imperfect so accidentally leaving a default password can happen.

Nath.

**_Bat_** · 18th April 2007, 02:01 PM

I can understand the point of removing the passwords, but personally I am not sure if it is worth it. I imagined myself in a position of a malicious student trying to hack into my school network and my immediate reaction was to to do a google search using terms related to the above discussion. Guess what? The very first result gave away all

. If I can do that within 10 seconds, I'm sure other people can as well

.

**Geoff** · 18th April 2007, 02:14 PM

I could mention something about 'Security' and 'Obscurity' at this point. But I'm getting bored of repeating myself.

**Lee_K_81** · 18th April 2007, 02:17 PM

a search for rm admin password gives the following website as the 6th result:

http://www.virus.org/default-password/view/R/1/

default passwords for as many pieces of software as they can get. Whilst i agree that it may not be best practice to list sites such as this, or discussing the default passwords, doing to serves a purpose; reminding people to change the basic password. The information is out there for students, discussing it in here is more likely to get the attention of NMs / techies so they can tighten up security. Listing the password may make somebody sit up and think "oh, i thought that password had been set specifically for us, i'd better change it."

**NetworkGeezer** · 18th April 2007, 04:04 PM

Originally Posted by Geoff

http://www.microsoft.com/technet/sec...risesecbp.mspx

Ever thought you'd see the day when Geoff would refer other users to Microsoft for security best practices.

Next thing you'll know Bangladesh'll thrash Australia at the Cricket World Cup

**Geoff** · 18th April 2007, 05:29 PM

Well they did write (most) of the operating system, so it's either them or the NSA

**GrumbleDook** · 18th April 2007, 10:30 PM

Ah ... the good old NSA IIS4 hardening white paper ... those were the days!

LinkBack

Thread Tools

Search Thread