Home server got hacked into by Russians!?

Associate | Joined 28 Jan 2005 | Posts 1,842 | Location Lymington
Hello All,

I've got a home server that I use for Plex and general data storage. I normally secure it with a decent password. I needed to give a friend access to it and rather than create a new account I just temporarily changed the password. I changed the password to "Password1", in hindsight this was incredibly, incredibly stupid but it was late and I was in a rush. I had a busy weekend with weddings and BBQs so forgot to change it back after he used it. I loaded it up this morning and saw a load of chrome tabs open. I've checked the internet history and found this:

[Two screenshots of the Chrome browsing history, not reproduced here.]

I've had a look around and have the following preliminary findings:
  • No data has been deleted (phew!)
  • They have not accessed any of my files
  • They have accessed a Russian supermarket, can't tell if they have successfully placed an order.
  • I don't have a Barclaycard or Santander card so not sure what they were looking for there.
  • I've checked my PayPal, can't see anything dodgy.
  • I've checked my bank account, no pending transactions.
I'm hoping that the server was accessed by some form of bot trying out an automated script that failed because I don't have any of the credit cards they tried, but I can't be sure. I let Chrome store some passwords but nothing banking related.

I've changed the Server logon password back to something more secure. I've also changed the password on a lot of different websites. Other than that is there anything else I need to do?

Suffice to say I won't ever be using "Password1" as a temp password :o
 
Have you run any malware scans and virus scans to make sure nothing was left behind, before the next time you log in to any of your websites?
 
I would nuke the OS and do a clean install. You have no idea what stuff the guy has buried on the machine, I'd be amazed if it wasn't hooked up to a botnet.
 
Yeah, I'd reinstall too: quarantine the files off and connect them to an isolated machine. Scan the bejesus out of them before reattaching to the built machine.

I reckon that is a bot too, either way I'd be investing some time in resolving that security problem and changing things like your inward vector. Like port number, transport type etc.
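Whether it was a bot or a person can usually be read straight out of the Windows Security log before the reinstall wipes it. The following is an added example, not code posted by anyone in this thread; it assumes the server is Windows (as the later "reinstalling Windows" post suggests), that the friend's and the intruder's access came in over Remote Desktop, and that it is run from an elevated PowerShell prompt. It lists successful RDP logons and failed logon attempts per source address, then turns on account lockout so a password-guessing bot is throttled in future.

```powershell
# Added example (not from the thread). Assumes a Windows host, RDP access and an elevated prompt.
# Event 4624 = successful logon, 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP).
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } `
            -ErrorAction SilentlyContinue

# Flatten each event's EventData into a row with the fields we care about.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Id        = $e.Id
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']
        SourceIp  = $data['IpAddress']
    }
}

"== Successful RDP logons in the last 7 days, by source address =="
$rows | Where-Object { $_.Id -eq 4624 -and $_.LogonType -eq '10' } |
    Group-Object SourceIp | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

"== Failed logons by source address (a large count from one address is a guessing bot) =="
$rows | Where-Object { $_.Id -eq 4625 } |
    Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object -First 20 Name, Count | Format-Table -AutoSize

"== First and last successful RDP logon per user (shows when the intruder got in) =="
$rows | Where-Object { $_.Id -eq 4624 -and $_.LogonType -eq '10' } |
    Group-Object User | ForEach-Object {
        $t = $_.Group | Sort-Object Time
        [pscustomobject]@{ User = $_.Name; First = $t[0].Time; Last = $t[-1].Time; Count = $t.Count }
    } | Format-Table -AutoSize

# Mitigation: lock the account for 15 minutes after 5 bad guesses within 15 minutes,
# so a bot cannot try a password list at full speed against the exposed logon.
net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15
```

Run it (or at least export the Security log with `wevtutil epl Security C:\security-before-wipe.evtx`) before the clean install, since the reinstall destroys the only record of which addresses got in and when. If the successful-logon table shows an address that is neither yours nor your friend's, the password was guessed rather than the friend's session being hijacked, and the failed-logon table will usually show the guessing run that preceded it.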
 
Guess I am reinstalling Windows then. Thankfully server is running an 850 Evo SSD and a 152MB internet connection so shouldn't take too long.

Thanks for the advice :)
 
Definitely a reinstall.
I've had problems with someone hacking into my PC, they had a remote desktop setup somehow and I lost control of everything on Windows level.
Had to format all my drives, lost a lot of data as well.

By the way, make sure to change all your passwords and make them as hard as possible.
That includes bank accounts, emails, forums, Facebook, Twitter, everything.
I learned my lesson and now I am changing my passwords every 2 weeks. Luckily I have a very good memory for long strings of gibberish, so I have no problems remembering them all :)
 
I have a licence for Windows 8 pro. To save me going 8>8.1>10 can I use the USB Media creation and install 10 fresh? I would create the media on another PC to minimise the risk of catching a virus.
 
Also use something like LastPass to randomise all your passwords and store them securely. Then you don't have anything saved in an insecure place like the browser.
 
I keep all my passwords on a separate password-protected spreadsheet, on a BitLocker flash drive, as well as anything confidential...

That way if I ever get hacked, there's nothing they can steal. I only plug in the BitLocker drive when I need it. A little more work, but peace of mind.

The BitLocker drive gets backed up to a separate external BitLocker-protected drive (again, that's only ever powered up when doing my backup) using robocopy.
 