• monitoring access to vserver with a gui

    From warmfuzzy@700:100/37 to all on Tue May 7 17:29:26 2024
    There are many good reasons to outsource your server hosting to a server farm. There are simple to advanced servers that can be acquired for a small fee. The issue with servers located outside your physical base is that the hosting company can view what you place on that server. In this particular scenario the server was set up on a vServer that had a GUI installed and contained remote access software called RealVNC. This RealVNC had a popup message that the removal of the USB stick inserted was "safe to be removed." This was a clear indication that someone in the server company had accessed my server and did something in terms of copying files to that USB Flash Drive. On a standard vServer this wouldn't be noted at all, but with a GUI and all of its notifications, this was easily detected. It's something to be considered anyhow. Sometimes the basic stuff is all you need to detect intrusions.

    Cheers!
    -warmfuzzy

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (700:100/37)
  • From poindexter FORTRAN@700:100/20 to warmfuzzy on Tue May 7 19:50:44 2024
    Re: monitoring access to vserver with a gui
    By: warmfuzzy to all on Tue May 07 2024 05:29 pm

    something to be considered anyhow. Sometimes the basic stuff is all you need to detect intrusions.

    Like, disabling external drive access, locking the cabinet, encrypting the drive volumes and forcing a boot password...
    --- SBBSecho 3.20-Win32
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From paulie420@700:100/71 to warmfuzzy on Tue May 7 19:31:36 2024
    The issue with servers located outside your physical base is that the hosting company can view what you place on that server. In this particular scenario the server was set up on a vServer that had a GUI installed and contained remote access software called RealVNC. This RealVNC had a popup message that the removal of the USB stick inserted was "safe to be removed." This was a clear indication that someone in the server company had accessed my server and did something in terms of copying files to that USB Flash Drive.

    Interesting - are you doing anything further to document, report and ask the reason for this??? First, I thought to myself how could that popup have happened WITHOUT physical (or virtual) access - could have been some other USB device; either physical or virtual there, too... or???

    And if someone did access DATA, how else can we tell - we could read thru the logs if the time was specific enough.

    So - are you gonna drop it, continue to use the service or act???


    pAULIE42o

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)
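
The log review suggested in the last reply, as an added example that is not part of the thread: it pairs USB attach and disconnect events from a kernel log and reports mass-storage sessions near a known time. It assumes a Linux guest with a classic syslog-format kernel log; the sample lines are constructed, and the names `usb_sessions` and `storage_near` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in classic syslog format (not taken from the thread).
SAMPLE_LOG = """\
May  7 09:15:02 vserver kernel: usb 1-2: new full-speed USB device number 2 using uhci_hcd
May  7 14:02:11 vserver kernel: usb 1-1: new high-speed USB device number 3 using ehci-pci
May  7 14:02:11 vserver kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
May  7 14:02:12 vserver kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
May  7 14:09:40 vserver kernel: usb 1-1: USB disconnect, device number 3
"""

# Syslog prefix (optional [uptime] stamp) and the Linux USB messages of interest.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[\d. ]+\] )?(.*)$")
ATTACH = re.compile(r"^usb (\S+): new \S+ USB device number \d+")
STORAGE = re.compile(r"^usb-storage ([^:]+):\S+ USB Mass Storage device detected")
DETACH = re.compile(r"^usb (\S+): USB disconnect")

def usb_sessions(log_text, year):
    """Pair attach/disconnect events per USB port (syslog lines carry no year)."""
    open_, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (a := ATTACH.match(msg)):
            open_[a.group(1)] = {"port": a.group(1), "attached": ts,
                                 "detached": None, "storage": False}
        elif (s := STORAGE.match(msg)) and s.group(1) in open_:
            open_[s.group(1)]["storage"] = True
        elif (d := DETACH.match(msg)) and d.group(1) in open_:
            sess = open_.pop(d.group(1))
            sess["detached"] = ts
            done.append(sess)
    return done + list(open_.values())  # still-attached devices keep detached=None

def storage_near(sessions, when, slack=timedelta(minutes=30)):
    """Mass-storage sessions overlapping [when - slack, when + slack]."""
    lo, hi = when - slack, when + slack
    return [s for s in sessions if s["storage"]
            and s["attached"] <= hi and (s["detached"] or hi) >= lo]
```

A guest's kernel log only records USB devices that were passed through to that guest, so an empty result does not rule out copying done at the host or hypervisor level.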