They Got Me!
Thursday, 22 Oct 1998
This afternoon, I was performing some tests on BO servers. A correspondent had told me about a simple trick to change a related filename, which I tested and immediately wrote up on my site.
In the process, I incautiously ran some default-mode servers for a few minutes at a time.
As far as I can tell, that's when it happened. Someone got in!
Whoever it was, was apparently friendly enough to leave a calling card. This evening, as I prepared to upload the products of the day's efforts to my website, I found in my local folder containing a "mirror" of my site, a single file called "readme.log." It chronicled my keystrokes, recorded by the BO server, as I worked on that webpage!
Well, I didn't make that log. Someone else did.
OK, whoever you are. You tagged me fair and square. I was foolish enough to open the door. Now be nice while I get my passwords changed.
It's a bit of a lesson for all, I suppose. That server wasn't open for more than 10 minutes or so, unless I somehow overlooked something.
Apparently, judging by a .tmp file I found that was created about the same time, the invader took stock of my website via FTP as well.
The lesson? Well, aside from "don't run BO servers," it's this: It doesn't take long to do a lot of messing around in somebody's system. Every minute may count if you're Orificed, depending totally on the intentions of your intruder.
pchelp