2016 Postmortem

RichVRichV

(885 posts)

17. Most communication to a server is logged somewhere.

Wed May 4, 2016, 08:36 PM

May 2016

Servers keep logs of all direct access attempts (successful or failed) with IP addresses of connections. It's a simple matter to parse the log files down to only successful connections. From there it's just a matter of determining if the connection was legitimate or a hack such as brute forcing a password on the root account (always turn off the root and admin accounts on servers, everyone attacks them). That's going through the front door with something like an ssh connection.

There's also other means of hacking a server. One of our email servers was hacked by a buffer overflow attack. In a buffer overflow attack someone sends data in a corrupted manner that pushes a portion of the data outside the memory block allocated for storing that data. By pushing the correct data into the correct memory block they can use it to compromise security. There are lots of other types of attacks who's effectiveness depends on how well a server has been setup and what is running on it.

Most attacks leave fingerprints of the activity on the server for people that know where to look.

Edit history

Please sign in to view edit histories.

28 replies

= new reply since forum marked as read

Highlight:

It's looking like NBC sat on the Guccifer story for over a month. [View all] NWCorona May 2016 OP

So now Bernie lost New York because some tacky ass hacker didn't have an interview aired KingFlorez May 2016 #1

Did I say that? NWCorona May 2016 #4

The media trying to control the election... scscholar May 2016 #11

Exactly!! n/t FourScore May 2016 #14

Interesting how you guys now have changed your tunes and embrace the Corp Media rhett o rick May 2016 #15

I agree... tex-wyo-dem May 2016 #2

IOW, business as usual. nt valerief May 2016 #3

Lol. Yea, it's odd alright. JTFrog May 2016 #5

This one starts interviewing him from April 19th onward (Faux News). insta8er May 2016 #6

Crazy NWCorona May 2016 #9

Yes, this "10 IPs" comment. What does that mean? Barack_America May 2016 #12

Exactly right! NWCorona May 2016 #13

You're kidding, right? Barack_America May 2016 #16

About what? NWCorona May 2016 #18

Her opening a phishing email. Barack_America May 2016 #19

Yeah I couldn't believe it ether. NWCorona May 2016 #24

Most communication to a server is logged somewhere. RichVRichV May 2016 #17

So, did 10 other people get into her account? Or was it just her... Barack_America May 2016 #20

It's not 100% clear from that one statement. jeff47 May 2016 #22

From the way he describes it probably had nothing to do with her account. RichVRichV May 2016 #23

Not quite jeff47 May 2016 #21

That depends on a number of factors. RichVRichV May 2016 #25

Access Logs on the server FreakinDJ May 2016 #26

They did sit on it until FOX was breaking their own story... 4139 May 2016 #7

Yup! I just realized that as others sent me the link. NWCorona May 2016 #10

Timing may be strange Hav May 2016 #8

Puh - leez MSNBC gave up objectivity a long time ago. The only thing they "report" is opinion. pdsimdars May 2016 #28

Far too serious to inform the US public about in a timely manner. nt mhatrw May 2016 #27