Check Your Passwords

While I was away at Southwest Fox, my web server got hit by ransomware. I’d like to say it was a sophisticated attack that got past my due diligence protections, but it wasn’t. It was a simple brute force password guesser and I was using a password on the server I knew was compromised.

Now, I can be dumb, but I’m not so dumb as to knowingly use a bad password on a production server. The problem was that I use Remote Desktop Manager to easily and automatically log me in to my various servers. Since I never typed in the password myself, I wasn’t aware that it was using an old, compromised password. Duh. (so, in a way, this is all Rick Borup‘s fault for introducing me to that software. And Rick wasn’t at Southwest Fox this year. Seems suspicious.)

So, don’t do what I did. Go check all the various ways you automatically log-in to stuff and make sure you’re not using some old, bad password.

Luckily this server didn’t have any mission critical apps, my documentation was good, and my backup plan was solid. It was 12 painful, tedious hours, but I managed to get everything back and running on shiny new AWS server.

With a good, secure password on it.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s