Sometime around 10am on Tuesday morning some individual gained unauthorized access to the server that houses both my web site and my e-mail. I actually didn’t notice it until nearly 2am early Wednesday morning. I should have been in bed and was indeed heading that way when I strangely decided to see who else was on the server at the time. I usually don’t care.
The server I’m on is shared among many users. So when I saw that I was not the only one logged in, it wasn’t a big surprise. What was strange was the other user was named “test”. To my knowledge, no one has that username. That got me a bit worried. “test” also didn’t show up in the list of user directories, which also worried me. What sent alarms off in my head was the origin of the login. It appeared that whoever “test” was, this person was originating from Romania. Eastern European hackers are notorious for breaking into places they shouldn’t be. I couldn’t see exactly what he or she had been doing, but I could tell they’d been idle for over an hour and a half. I could also see that they’d been logged in since 10am that morning. It kinda looked like they were using the server to gain access to other systems.
It’d been over 12 hours since they found some way into the server. I began to get concerned for my data and e-mail. About six years ago, someone else hacked into the server and deleted everyone’s e-mails. I didn’t want history to repeat itself but I had limited options.
It was already 2am and the keeper of the server, Stephen, would most likely be asleep. I didn’t want to call him and wake him and his wife up. It would, however, be another six to eight hours before Stephen could be notified of the intrusion. It could possibly take the intruder mere minutes to delete my entire web site and e-mails.
Cursing the fact that I should have already been asleep, I decided to download as many e-mails as I could. It took about ten minutes, and I decided to delete a few documents I had lying around on the server that contained things like my SIN. I then crawled into bed. I closed my eyes for less than a minute before I decided I couldn’t just lie there while some hacker was running loose in my server.
Instead of calling Stephen I decided to call the network operations centre where the server is located. This place is also where Stephen works. A network engineer is on duty 24 hours a day. The phone answered on the first ring. I explained the situation to the dude on the night shift. It turns out he knows Stephen.
He poked around a bit but in the end, his hands were tied. He had no access to the server because he didn’t have an account. He also couldn’t block the Romanian IP from coming into the server. It was nearing 3am so I had to resolve this quickly. I told him to physically walk over to the server and then turn it off. It’d be a crude solution but it’d be effective. The network guy asked if I knew where the server was located. I told him I had no idea. He explained that the facility he was in contained thousands of machines located on several floors. He had no map that would help him find the right machine. There was nothing he could do.
Damn. I thanked him for his help. He said he’d leave a note for Stephen in the morning. I had to go to sleep knowing I could do nothing.
I woke up groggy this morning to find that the Romanian had done nothing major over the night. My site and e-mail were still there. I decided to wait until I was at work to contact Stephen. When I finally got a hold of him, he was pretty surprised at my findings. He said he’d go look at it immediately. We hung up and I went back to my computer to watch him on the server. He logged in as “root” and immediately did stuff that I have no understanding of.
In the end, he cleaned some stuff up and booted off the Romanian. The weird thing is, Stephen has no idea how that person gained access in the first place. We also don’t know what that person did while he or she had access either. Odd and perhaps a little unsettling.
This is what nerds do when they want to cause trouble.