Because I don't want this stuff to disappear into the ether, and A Small Orange is now on my list of people/companies I totally don't trust at all, here are the "official" forum posts about what is going on with the hacked servers:
The malware pages should be gone, but so are a lot of files. We're restoring files now and should have things back up and running over the course of the night. It was the same employee's account that was compromised, so his access is temporarily revoked.
Well, the malware pages are NOT gone from my web site and likely my entire server. Still there, serving up a virus download (likely a trojan).
The security problem lies outside our systems. This was an employee working at home on a machine that was clearly compromised in some way so that their password could be sniffed out in some way. We're keeping his password revoked until we can make sure it's not going to get compromised again.
No, an employee is a part of your system, and I expect that the employees in charge of running things are capable of not allowing themselves to be compromised. Human error, sure, but a really dumb one by someone they obviously trusted enough to let log into the system as an employee from home. Password revoked? I would say no longer employed by the company would be a good start. We can discuss tar and feathering later.
Just a note, databases are fine. They only removed files from your user directories, which is what we're in the process of restoring right now. Some servers are down as a result of this, and we'll be getting them back up as we're able to over the course of the evening.
Oh, they "just" removed files from user directories? Well, I guess I should stop freaking out now. It's not like 99% of my web site is made up of files in a directory or anything. I guess I should be happy, but I am not.
We have a variety of things we're going to put in place for this, including a jumpbox and two-factor authentication system for techs.
Rather like closing the door on the chicken coop after the foxes have eaten the hens, to use a somewhat tired cliche. I am appalled that someone with an employee account could just sit down at any old computer and log into the system the same way I do with my user account ... with a single password and no additional verification. I can't do much except mess up my own site with my account, but it's very plain to see that an employee account can bring the whole system down in a matter of minutes.
Though you know I don't want to do it, I'm going to go to bed now. I have to be awake in a few hours, and someone has to go get groceries tomorrow. This situation better at least be somewhat solved by the time I wake up. At the very freaking least, the damn virus crap better not be sitting on my domains anymore.
I have a migraine. My toe both hurts and itches. The last 5 days have sucked hardcore. I did not need this right now.

Comments
When will they tell me that there was a serious security breach and my data has been compromised?
How long will it take them to alert me to the fact that my website and email service are not functional?
Will any of this happen, or do I have to hunt down some obscure threads in a forum myself to piece together any details of an ongoing problem at ASO?
I understand that unanticipated problems can arise that lead to a crisis, but I cannot accept no one telling me about it.
May I suggest that if this problem is not solved (servers restored) in the next hour that ASO and their public relations representative figure out a more direct way of communicating details of this problem to their customers. No one likes to find out about things secondhand.