Thu, Jun 19 2008 22:05
bradley
So what happened?
In a phrase... we got owned. And we've been offline this long to ensure that we/I could better understand what went wrong. We're still in investigation mode, but what we did was to take backups of the impacted drives so that when the guys from PSS/CSS Security asked for data we could give it to them.
So for those of you with questions....
Did we have a/v on the blog server? No, because I'm of the opinion that a blog/web server doesn't need it and a/v is reactionary.
How did they get in? Not sure at this time. The OS was patched so I don't see an entry point there. RDP was used at one time but 'after' the funky service that I blogged about was already on the server.
So bottom line, stay tuned and I'll blog more later on what we did find on the box (and more on what I think went wrong).
Filed under: Security