There’s no question I got what I deserved. On a computer exposed to the full ravages of the Internet, protected by a simple software firewall but with no surveillance software, automated monitoring, or other anti-hacking measures, I created a user account with a simple three-letter lowercase name and an equally simple password: the selfsame username.
A bot came knocking at my server, trying username after username, looking for accounts that had passwords matching the username, until finally it had a match. Not long afterwards, another visitor entered uninvited, this one moved by a human’s touch. A few deft operations later, and my server became a forced accomplice to nefarious deeds done to some foreign, unknown part of the Internet.
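What that bot left behind is a trail in the SSH authentication log: a run of failed logins from one source, each trying a different username, followed by a single success. The script below is an added example (not code from the original post) that scans OpenSSH-style auth log lines for exactly that pattern, counting failures per source address and flagging any address that succeeds after a burst of failures. The log lines are constructed for the example; the three-letter account name `abc`, the addresses and the threshold of four failures are assumptions, not values from the post.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth.log style (not from the original post).
# The account name "abc" is a placeholder for the post's three-letter account.
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 02:11:03 host sshd[4123]: Failed password for invalid user test from 203.0.113.7 port 51030 ssh2
Mar  3 02:11:05 host sshd[4125]: Failed password for invalid user oracle from 203.0.113.7 port 51041 ssh2
Mar  3 02:11:07 host sshd[4127]: Failed password for root from 203.0.113.7 port 51055 ssh2
Mar  3 02:11:09 host sshd[4129]: Failed password for abc from 203.0.113.7 port 51060 ssh2
Mar  3 02:11:12 host sshd[4131]: Accepted password for abc from 203.0.113.7 port 51071 ssh2
Mar  3 02:15:44 host sshd[4201]: Failed password for jane from 198.51.100.23 port 40211 ssh2
Mar  3 02:15:50 host sshd[4203]: Accepted publickey for jane from 198.51.100.23 port 40211 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and
# "Accepted publickey for X from IP" forms emitted by sshd.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_auth_lines(text):
    """Return one dict per recognised sshd auth event, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def find_credential_guessing(text, threshold=4):
    """Flag source addresses with >= threshold failed logins.

    If such an address then logs in successfully, the finding records which
    account let it in; that is the signature of a guessing bot that hit a
    weak credential rather than merely a noisy scanner.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    findings = {}
    for ev in parse_auth_lines(text):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(ev["user"])
        elif ev["result"] == "Accepted" and failures[ip] >= threshold:
            findings[ip] = {
                "failures_before_success": failures[ip],
                "usernames_tried": sorted(users_tried[ip]),
                "compromised_user": ev["user"],
                "method": ev["method"],
            }
    # Also report noisy sources that never got in, so they can be blocked.
    for ip, n in failures.items():
        if n >= threshold and ip not in findings:
            findings[ip] = {
                "failures_before_success": n,
                "usernames_tried": sorted(users_tried[ip]),
                "compromised_user": None,
                "method": None,
            }
    return findings


if __name__ == "__main__":
    for ip, info in find_credential_guessing(SAMPLE_LOG).items():
        status = (
            f"SUCCEEDED as {info['compromised_user']} ({info['method']})"
            if info["compromised_user"]
            else "no success yet"
        )
        print(f"{ip}: {info['failures_before_success']} failures, "
              f"tried {info['usernames_tried']}, {status}")
```

On the sample data the scanner at 203.0.113.7 is reported with five failures across five usernames and a successful password login as `abc`, while the single mistyped password from 198.51.100.23 stays below the threshold. On a real host, run this over `/var/log/auth.log` (or `journalctl -u ssh` output) and treat any "SUCCEEDED" line as an incident to investigate, not just a source to block.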
I have to give credit to my service provider, Rimuhosting. A couple of days after the break-in, they informed me astradele.com had been compromised, having already diagnosed the problem and locked the offending account. The ensuing email discussion was quick and professional.
I backed up all the data to my home computer, and asked Rimuhosting to wipe the server. Based on my forensic analysis, it wasn’t strictly necessary, as the intruder was using a normal user account, which was likely secured enough to prevent any really nasty foolishness, but as one of the Rimuhosting staff commented, my choice was prudent. I like to use events like these as an excuse to clean house and find better, faster, easier ways to accomplish what I had been doing before.
An entire Sunday was spent remotely rebuilding my server from the base image. Some of it was spent on “better ways”, but most of it was spent on improving security – more in a later post.
Aside from the initial email from my service provider, however, the rudest shock was when I routinely checked my account information and saw the image below (my normal use is less than 2000 MB per month!):