Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Hope you followed some basic op-sec rules, otherwise reporting it could fall back to you.
If you do report it, try to do it to the hosting provider, as the most one do not allow hosting illegal bit nets or gambling sites, also the owners of the hacked server (or their providers) usually likely like to be informed. -
@sbiewald no, checking access logs would easily find the company ip. Probably best we leave it alone
-
@Shardj let it be. Leave it alone for a few weeks, then from a VPN destroy everything, including the access logs. You have root access, so it's totally possible. It's not worth having anything come back to you for disclosing since you're identifiable, but with a VPN you have plausible deniability. Hell, give one of the members at devrant you trust the credentials and have them destroy it for you if you'd like. I can totally give them to the infosec president at my company who I have good relations with. He'd have a field day.
-
@Shardj If you follow @Techno-Wizard 's recommendation, be sure you access the "evil server" it over Tor then, and be sure to not accidentally sending SSH public keys of your machines.
-
@bkwilliams we didn't break into our own database...
-
@Shardj even so, it takes a lot of time to reconfigure the server and backups might not be a thing if they're clumsy enough for you to get root access without even trying
Related Rants
How a web application works
We just got into a malicious bots database with root access.
So guard duty gave us some warnings for our tableau server, after investigating we found an ip that was spamming us trying all sorts. After trying some stuff we managed to access their MySQL database, root root logged us in. Anyway the database we just broke into seems to have schemas for not only the bot but also a few Chinese gambling websites. There are lots of payment details on here.
Big question, who do we report this to, and what's the best way to do so anonymously? I'm assuming the malicious bot has just hyjacked the server for these gambling sites so we won't touch those but dropping the schema the bot is using is also viable. However it has a list of other ips, trying those we found more compromised servers which we could also log in to with root root.
This is kinda ongoing, writing this as my coworker is digging through this more.
rant
botnet
mysql