Whew... been a long time since I've even had time to read the threads, let alone post one... Nowadays with the market fall everybody is doing more with less... (can't complain, I'm still quite gainfully employed!!)

Anyhow, a reminder for those who are new, and even those of us who are a bit experienced in this fast-moving field they call IT. Last week my daily routines (routine in IT... yeah) were interrupted by everybody complaining about the company website being down. I also watched as the dates on our received mail changed to a year back... interesting.

After much hubbub, all the execs called me into a meeting... seems our webserver was hacked. I was informed that it was now my job to move mail and our web services "in-house" as the administrators at our ISP couldn't seem to keep it locked down. I managed to talk them into allowing me access to the hacked box (believe me this was a task, I'll tell you why they were reluctant). After much log viewing, and poking around, I noticed the box hadn't been patched since its setup over a year and a half ago. The hacker was a "script kiddie" who used an ssh exploit patched over 9 months ago.

uhm... duh... Most of you who will read this thread are quite active in keeping up to date; this is one of the best forums for that purpose!! I use it constantly, I usually spend a half hour each morning looking for any new bugs, fixes, updates, or potential risks. I have done this for five years now, since I had my "lesson". I was lucky, my lesson didn't cost my company anything, and I retained what I learned the first time. Unfortunately for our ISP (and the administrator) I was surprised to find out that this is not the first, nor the fifth time a system under his control has been exploited due to lack of patching. I have since moved our services in house, and the old web/mail server was burned down....

What's this mean?? Well... anyone experienced in any type of security will tell you that the most important thing to do is stay informed. The largest security hole I have ever seen (and seen all too often) is poor administration. It takes a large amount of knowledge to manage groups, users, resources, applications and so forth.... and I suppose I can see how it is easy to forget updates and keeping abreast of new holes..... But it's part of the job! More often than not, a system is hacked with an old exploit that has been patched long ago. Yes, new exploits do cause trouble... but it is the administrator's job to be ready to jump at any moment; this is where we earn our pay. This isn't a rant (ok well it is...) but it's more of a reminder to those who may be new. Learn this lesson the easy way, and remember it!!

Oh yeah, the server was running RedHat.... For all you who think one O/S is more secure than the rest.... (this is an age old argument that is pointless to waste time on here...) And I do have NT machines more secure... I also have more secure Solaris, BSD, and SuSE boxes... not because of the O/S... but simply because I won't let a day go by without checking for patches... let alone a year and a half. (sidenote, it's handy to keep a test machine so you can test the patch before deploying... remember NT service pack 2??).

Anywhoo, just a rant... I can't say any of the new machines I now run will never get hacked... but I can say it won't be an old exploit that brings me down! It's just unfortunate to see a company lose a large amount of money due to downtime because another "experienced" administrator didn't learn his lesson the first time.

~THEJRC~