Whew, the server is back live. Had some problems which I hopefully cleaned up. Mostly stupid configuration problems on my part.
Actually, take one part general insecurity of the internet, one part Windows NT security holes, one part laziness on my part, and one part stupid misconfiguration, and voilà, you have what happened to me. First of all, my system was identified as a valid NT server by the various profilers that are running on the internet, and my IP address was stuffed away into all the profiler databases. Then all the standard tools were run against my server to find potential exploits and many were found — mostly because I didn’t keep my server up to date on security patches and lockdown tools. Then I screwed up and let anonymous users write to my FTP server.
Nothing particularly malicious happened; some folks just used my server as a staging area for some pirated PC software and some pirated Game Boy Advance software and some pirated music. I have a large disk drive; I didn’t even notice the usage for a couple days. Then as I was doing some directory maintenance I noticed some unusual directories that I had not created. A little investigation of the directory contents and logs and running tasks and ports in use on my machine let me know I had a problem, and so I yanked the net tap. After investigating all the issues for a couple days, I concluded the best thing to do was to reformat the drives and reinstall Windows NT with all the latest patches and lockdown tools. And also tighten up the firewalls between my server and the open internet.
Thankfully my website content is actually stored elsewhere and just propagated regularly to the server so I didn’t actually lose any content. Just some time. And I learned some great lessons along the way. In a strange way it was fun.
Glad to be back tho…