missing files
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: missing files

  1. #1
    Senior Member
    Join Date
    Apr 2005
    Posts
    123

    missing files

    Hello everyone.
    I have a server (file server), that is disappearing some files, such some important folders, i guess its not a virus, because the anti-virus server those not acuse anything, and the folders that are deleted are very important, the less important files are not missing. So my best guess is someone inside the company, that knows what to delete to injure the company.

    I would like you guys to point me a software that is able to create logs of the deleted files and folders, access, modifications, stuff like that, i have tryied the auditor from win2003 server, but i don't think i logs the deleted files.
    And i want this logs to tell me, how is the login that is deleting files.

    Thanks

  2. #2
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    I am fairly sure that by activating the audits on the server you should be able to see who is deleteing the files. It should be shown in your security log file. You should only activate the audits you need, in this case file deletion, or your logs will fill up fairly quickly.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  3. #3
    You may also want to take an audit of permissions and users within your organisation. If you have someone deleting files there is a good chance they don't have a legitimate need or business requirement to access them in the first place. An audit of who can access what may reveal the answer as to who is deleting these files if you see some permission that users shouldn't have. It is also a reasonable practice to undergo if you experience these sort of events too.

  4. #4
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    My big problem, is the person that i suspect, it must have access to all of these files, i will try to use the windows audit
    Thanks all

  5. #5
    You should think about what happened, then you should scan comstumer's Ip and track them all download and think of where it would mostlikely be.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi yuris

    You should be able to set user permissions so that they can access files and folders, but not delete them.

    You should have done this in the first place, as no user should have access or authority in excess of that which they need to perform their job. I would recommend that you review your security model in some depth.

    Remember that most of the user created problems you come across are a result of errors and ignorance rather than malicious intent. It is your job to make sure that they do not have the opportunity.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    5
    We use a package called Undelete on our file servers, keeps the files so that they can be recovered easily and also lets you know who deleted them www.undelete.com.

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Just read this

    http://www.pcmag.com/article2/0,1895,1842335,00.asp




    What it does: Killfiles is the simplest sort of Trojan horse, a Windows batch file that deletes specific key system file. It is sometimes used by other Trojans to disable a computer. Killfiles is not a widely-distributed threat.
    Could it be????

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Make sure you disable/delete any default accounts that are not in use from installation (i.e. user, administrator, etc.). This provides a simple loophole for someone to just get in and do whatever they want based on someone else's oversight.
    And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15

  10. #10
    Senior Member
    Join Date
    Apr 2005
    Posts
    123
    This is a person who works here that is deleting, i don't have any virus, or worms. I didn't have a security breach. I suspect of a person, because she is an "ignorant" in computers, maybe by mistake she deleted those folders, but din't warn me, or she is doing this on purpose(she have some personal resons for it, she was recently demoted), and recently folders have been missing.
    Thanks god for the Tapes, i have been able to restore all the deleted data.

    I have moving around the system, and i got to the "effective Permissions", i can and a user and try to uncheck the Delete Box, this should take the delete privileges. but all the Boxes are Gray, i can't move, and i must to this, folder by folder. Is there a way, where i can get everyone inside a Undelete group, and take the delete privileges?

    Thanks for all the replys

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides