
Comments
Are Java applets still a thing? Doesn't that open a huge attack surface (Java) on your PC instead?
Yesterday someone on LET mentioned that Fiberstate has exposed IPMI and today they've been ransomed 🤦‍♀️
https://lowendtalk.com/discussion/comment/4070772#Comment_4070772
Aged like milk.
Usually the machines from which I manage my infra are extremely limited, with precise routing info and no default gateway. So, good luck reaching it from outside of my LAN.
Hi,
Well, I just assume that a provider like @fiberstate won't leave default passwords alive...
But if you log in to HP with wrong passwords, it will add a delay until you can try again.
With most IPMI implementations (Supermicro/ASRock/Gigabyte/...) this delay does not exist. Same with iDRAC (incl. 9 I think, but not sure with 9, never dared to test it).
So without a firewall and if publicly accessible, it's just a matter of time, no matter the complexity.
Nowadays the good nice bot networks will find out your passwords quite fast for you :-)
And most (if not all) hosting / infrastructure providers won't monitor the network traffic for that kind of attack pattern to block it automatically.
I hope the damage will be limited, and I guess this is just another good example of why (external) backups are just a very good idea.
And if you don't create external backups, your data was obviously not important enough for you. People who run their own self-managed servers declare themselves admins that don't need help from others. Otherwise they would have picked a managed service.
There is some minimum responsibility that customers who rent self-managed servers have.
Already if a provider would give you a public IP, you should automatically ask yourself about the consequences of this fact and act accordingly.
If you don't do it or don't care and don't create backups... well, then either you should not play admin or you should not cry afterwards if your cost-effective self-management exploded right in your face.
For sure what happened here does not look good for the provider. But every customer who ran into this ransom trap now, especially those without backups, does not really look too much better to me.
If this happened to managed servers... hey... burn down the provider and flame it and shitstorm it... but if it's self-managed...
Sorry... just my humble opinion.
So the attacker kinda confirmed to me that he is attacking and was able to compromise ASRock IPMI only for now.
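
Added example, not part of any comment in this thread: since the posts above note that many BMCs add no delay after a wrong password and that providers rarely watch for this pattern, the sketch below flags repeated failed BMC logins from one source in a sliding window and any successful login that follows such a burst. The log format, host name and addresses are constructed for illustration; real BMC audit logs differ per vendor.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical syslog-style format (assumption):
# 7 rapid failures plus a success from one source, and an admin's two typos.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{s:02d} bmc-07 auth: login failed user=admin src=203.0.113.9"
    for s in range(0, 14, 2)
] + [
    "2024-05-01T10:00:20 bmc-07 auth: login ok user=admin src=203.0.113.9",
    "2024-05-01T10:01:00 bmc-07 auth: login failed user=ops src=198.51.100.4",
    "2024-05-01T10:05:00 bmc-07 auth: login failed user=ops src=198.51.100.4",
    "2024-05-01T10:05:30 bmc-07 auth: login ok user=ops src=198.51.100.4",
]

LINE_RE = re.compile(r"^(\S+) (\S+) auth: login (failed|ok) user=(\S+) src=(\S+)$")

def find_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Scan chronologically ordered lines.

    Returns (alerts, logins_after_alert):
      alerts: {(bmc, src): time of the failure that exceeded max_failures}
      logins_after_alert: [(bmc, src, time)] successes from an alerted source
    """
    recent = defaultdict(deque)          # (bmc, src) -> failure times in window
    alerts, logins_after_alert = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # ignore lines in other formats
        ts, bmc, result, _user, src = m.groups()
        t, key = datetime.fromisoformat(ts), (bmc, src)
        if result == "ok":
            if key in alerts:            # success after a burst: treat as incident
                logins_after_alert.append((bmc, src, t))
            continue
        q = recent[key]
        q.append(t)
        while t - q[0] > window:         # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            alerts.setdefault(key, t)    # keep the first time the limit was hit
    return alerts, logins_after_alert

if __name__ == "__main__":
    alerts, hits = find_bruteforce(SAMPLE_LOG)
    for (bmc, src), t in alerts.items():
        print(f"ALERT {bmc}: more than 5 failed logins in 60s from {src} at {t}")
    for bmc, src, t in hits:
        print(f"INCIDENT {bmc}: successful login from alerted source {src} at {t}")
```

A detector like this only helps if the BMC forwards its audit log somewhere off-box; it complements, and does not replace, keeping the management interface off the public internet.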