ntang (ntang) wrote,

Bomb scare

Well, ok, there was no bomb scare, but saying that does a better job getting peoples' attention.

So it looked like we might have been compromised (translation: one or more servers were cracked (hacked) by a cracker (hacker)). Files were disappearing, getting corrupted, etc. So they shut down the router so no traffic was going anywhere and proceeded to look into it. We sent all of the SA's home so they could work from there, since an SA without an internet connection (or a connection to the datacenter) is like a fish out of water.

It turns out, though, that we weren't owned (aka compromised) - someone had just made a mistake and copied a directory with a symlink to / into /tmp, and the nightly /tmp cleanup crontab was somewhat carelessly written and followed the symlink quite happily, eating files right out of /.

They've since fixed it and brought our connection back up again. Oops.

  • Where I am nowadays

    I haven't updated this in a million years... in case you're wondering why, it's because I've mostly moved on to other places. You can find my…

  • DSL

    I've been a loyal Megapath customer for years. (Something like 8 or 10, crazy, in that range...) They've had great service (and a great service -…

  • MySQL failover

    So we're running some MySQL at work, which is a little unusual for us, but is probably long overdue. (Specifically, it's for some Wordpress…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded