1. Forum
  2. spooknet
  3. SN SECURITY

  • monitoring access to vserver with a gui

    From warmfuzzy@700:100/37 to all on Tue May 7 17:29:26 2024
    There are many good reasons to outsource your server hosting to a server farm. There are simple to advanced servers that can be acquired for a small fee. The issue with servers located outside your physical base is that the hosting company can view what you place on that server. In this particular scenario the server was setup on a vServer that had a GUI installed and contained remote access software called RealVNC. This RealVNC had a popup message that the removal of the USB stick inserted was "safe to be removed." This was a clear indication that someone in the server company had accessed my server and did something in terms of copying files to that USB Flash Drive. On a standard vServer this wouldn't be noted at all, but with a GUI and all of its notifications, this was easily detected. It's something to be considered anyhow. Sometimes the basic stuff is all you need to detect intrusions.

    Cheers!
    -warmfuzzy

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (700:100/37)
  • From poindexter FORTRAN@700:100/20 to warmfuzzy on Tue May 7 19:50:44 2024
    Re: monitoring access to vserver with a gui
    By: warmfuzzy to all on Tue May 07 2024 05:29 pm

    something to be considered anyhow. Sometimes the basic stuff is all you need to detect intrusions.

    Like, disabling external drive access, locking the cabinet, encrypting the drive volumes and forcing a boot password...
    --- SBBSecho 3.20-Win32
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From paulie420@700:100/71 to warmfuzzy on Tue May 7 19:31:36 2024
    The issue with servers located outside your physical base
    is that the hosting company can view what you place on that server. In this particular scenario the server was setup on a vServer that had a
    GUI installed and contained remote access software called RealVNC.
    This RealVNC had a popup message that the removal of the USB stick inserted was "safe to be removed." This was a clear indication that someone in the server company had accessed my server and did something
    in terms of copying files to that USB Flash Drive.

    Interesting - are you doing anything further to document, report and ask the reason for this??? First, I thought to myself how could have that popup happened WITHOUT physical (or virtual) access - could have been some other USB device; either physical or virtual there, too... or???

    And if someone did access DATA, how else can we tell - we could read thru the logs if the time was specific enough.

    So - are you gonna drop it, continue to use the service or act???



    |07p|15AULIE|1142|07o
    |08.........

    --- Mystic BBS v1.12 A48 (Linux/64)
    * Origin: 2o fOr beeRS bbS >> 20ForBeers.com:1337 (700:100/71)