Monday, September 25, 2006

Overview of our server problems and some security measures

Here is a little information about the problem and some security steps that you should take.

Server Problems Fixed

It’s been a hectic weekend, but I think that the initial excitement might be over. This was a scary example of content-content interaction. The hosting company (Hostgator.com) has signaled the all-clear. They insist that their servers are clean and all is well (see their posting on the service’s discussion forum - http://forums.hostgator.com/showthread.php?t=10939).

Even though they have signaled the all-clear, I’m still a little hesitant to open Moodle up until I’ve monitored the discussion forum for problems for the next couple days. If all still looks good, I’ll re-open the site on Tuesday.

Here is a little write-up of the problem in Netcraft (http://news.netcraft.com/archives/2006/09/23/hostgator_cpanel_security_hole_exploited_in_mass_hack.html). I have a feeling that I’ll find some more write-ups next week. This was caused by a combination of a security hole in MS Internet Explorer (which is still there) and a popular website administration tool called cPanel (which has been patched). cPanel is widely used by Web hosting companies, which should give you a little pause when you consider what can happen when things go wrong.

What security precautions should you take now?

I’ll reiterate that this should only be an immediate concern for those of you using Internet Explorer on a PC AND who accessed the Moodle site from Thursday night to Friday evening. Some obvious problems would be pop-up advertisements (even when your browser isn’t open), but you might not even notice anything. I had to search for a problem on my computer, though I never had any pop-ups. The steps below are my suggestions.

EVERYONE

  1. I suggest that you clear your cookies, cache, and history. This is a little bit of a pain because you’ll have to re-type your passwords for all those websites that just logged you on automatically (e.g., Blogger, Wikispaces, etc.). It also means that websites you normally visit will take a little longer to load, because the “cache” keeps copies of all the images on the sites, which makes them load quicker the 2nd time you visit. However, this will also ensure that you don’t have any problems when accessing Moodle again.
    1. Open Internet Explorer
    2. Click on the “Tools” menu, then click on “Internet Options…”
    3. Under the “General” tab, click on “Delete Cookies…” (wait), click on “Delete Files…” (wait), click on “Clear History” (wait).
    4. Click OK, close Internet Explorer.
    5. Empty your computer’s “trash” (deleted items).
  2. Update your virus protection and run a full scan on your system – Symantec Antivirus (the one that you can download at http://iuware.iu.edu) released an update about 12 hours ago. This update found a “Trojan” (like a virus) on my computer that wasn’t found with previous scans.
  3. I strongly suggest that you use the Firefox browser for a little while. I have been a long-time user of Internet Explorer and I never really paid much mind to the potential security risks. However, this issue is particularly bad. You just visit a website and you can get a virus. While Firefox is not immune to this, it has been more reliable over the years. This may be because it has a smaller percentage of users and virus writers like to make a bigger impact. Whatever the reason, Firefox is safer until Microsoft fixes the problem in Internet Explorer. You can download Firefox (free) at http://www.mozilla.com/firefox/

THOSE FINDING A VIRUS

  1. Make sure that the Antivirus program “Quarantines” or deletes the offending virus. You should see a report at the end of the scan telling you which of these it did. Also, the message may tell you to restart your computer. Do so.
  2. System Restore – This seems to have made a difference on a couple of computers that had problems (though a recent update from one person indicates that problems eventually returned). It sets your computer back a set number of days (I would suggest Wednesday or before to be safe). This should not affect documents that you’ve created since then, but I would suggest that you back them up just in case.
    1. Click on Start >> Programs >> Accessories >> System Tools >> System Restore
    2. When the window opens, select “Restore my computer to an earlier time” then click Next.
    3. Choose a date on the calendar (only bold days) then choose a restore point from the list on the right. Click Next.
    4. Then you’ll see a summary of what you are going to do. Read it and follow any instructions there. When ready, click Next and let it do its work.
    5. Wait
    6. When the process is done, it will either tell you that it was successful or not. If it was successful, go to #7. If it was unsuccessful, disable your antivirus, then do this process again. If it still doesn’t work, let me know.

  3. If the System Restore finished successfully, restart your computer. If not, contact me.

  4. Turn off your System Restore. This cancels all of your previous restore points, so make sure that your restore worked. Viruses can hide in the System Restore files, so I want to make sure that it’s not given an opportunity.
    1. Right-click on “My Computer” on your desktop.
    2. Click on “Properties”
    3. Click on the “System Restore” tab
    4. Check the “Turn off System Restore” check box.
    5. Click “OK”
  5. Run your Antivirus program again. If there are no warnings, you’re probably good.
  6. Turn on your System Restore again (same procedure as above). This ensures that it is ready for the next emergency.
  7. If you run into any problems, contact me.
