Breaking Up

The moment you realize you are not alone

Some years back, when I first started setting up my first web servers, I built a domain server, a website server, an email server, and a database server. Everything was running smoothly. Then, after about one month or so, I came into the office, looked over at the server monitor, and noticed the mouse moving across the screen. I thought, “What’s going on?” There were a couple of menus being clicked. Then it hit me: I’ve been hacked!

My first emotion was anger. After all, these are my machines, and I spent many, many hours getting them configured just right. This was a big lesson for me. Assuming that everyone is nice and that everyone respects your space doesn’t mean anything when you put yourself out there on the internet. People will just hack and hold your work for ransom. Why? Because you didn’t think that would happen to you.

I’ve had many, many calls from someone who has come to work after a weekend or a holiday and suddenly something is just not the way it should be, or after an innocent restart there’s now ransomware.

Sure, some break-ups are hard to do, but this decision should be an easy one this time.

How can we protect ourselves?

Well, as I found out, you have to be proactive about it. You have to make sure every machine that accesses the internet (and especially servers) has had every single patch/update installed all the time, then make sure you have a very good anti-virus, anti-spam, and a good firewall. Then make sure that the virus software runs daily and scans continuously, and make sure you check each machine daily, weekly and monthly. Test your backups by restoring them to a physical or virtual machine; you don’t want a backup failing when you need it.

That’s just too much time, how can I do my job if I have to do this on all my employees’ machines?

Well, you certainly would find the time if you got ransomware at a price of about 15 bitcoins ($45,000), or you’d certainly feel bad if you had the opportunity to do something and didn’t.

We offer “Managed Services” to help you as much as possible to avoid the bad guys

Our managed service plans offer several layers of protection. In every case when we start a new managed service customer, the machines have been unpatched and unprotected, with on average 50 or more needed security patches. In addition, anti-virus is non-existent, isn’t scanning on a regular basis, or it’s freeware.

Neil was right, breaking up is hard to do

Sure, some break-ups are hard to do, but we need to break up with the hackers. This decision should be an easy one this time (a no-brainer). Want to know how much your outage would cost? We can tell you. Call us for a personal outage cost comparison; you’ll be surprised. We’re waiting to help you.

So, what happened to the hacked server?

Well, I immediately unplugged it from the network and restarted it. It would not start; the hacker had done his job. I spent the next 70 hours straight (with just a few 1/2 hour naps) getting the email server back online. I make sure things are up to date, patched and cared for every minute now, and you should too.

I can map the drive by IP but not name

The Other Options Didn’t Solve the Problem

When I had the problem of being able to see a shared drive on the file server only by using the IP address and not the name, I began searching the internet for answers. Some workstations would see it by name and some wouldn’t. There is a mixture of XP, Windows 7, and Windows 10 machines on the network, and some of each type would connect while others wouldn’t. When I searched the internet I found solutions about going to ‘Credential Manager’ (Control Panel, Credential Manager, Windows Credentials) and removing the saved credentials. That seemed to solve the problem for a lot of people, but not for me.

Back Story / How I got in this Mess

The machine that the file server was on crashed. The drive was fine, but the system itself stopped working. After tracing it to the motherboard I knew there wasn’t going to be a quick fix. This is a small company and they only have one other machine, which is used as the SQL server. They’re old machines, but they were pretty good when they were purchased years ago. Anyway, I needed to get this drive up as soon as possible, so, not having time to get a new machine and do a bare metal restore, I took down the SQL machine long enough to install the file server drive into it. Then I installed VirtualBox and had the virtual computer use the physical hard drive of the server computer. Whala (voila if you’re French), the file server is back online inside the SQL server box. (They both had similar hardware, which aided in making this possible.)

As we move ahead in time a few weeks, I built a new machine and kept the old server drive as a virtual drive, except that I converted the physical drive to an actual virtual drive. My thought here was that later I can virtualize both of them (file server and SQL server) and come up with a clustering solution spread over a couple of physical machines. So, after putting it all together on a new machine and firing it up, suddenly not all workstations see the shared folder on the file server. This is where the trauma begins…

The Solution

I used Windows 10 for the pictorial solution, but if you’re familiar with things, just un-check IP version 6 in the list of protocols on the workstations that are having the problem, and things should work for you too.

1. First, right-click on your network taskbar icon

2. Then, when the settings window opens, select “Ethernet”

3. Next, select “Change Adapter Options”

4. On the next window, right-click on the network adapter and select “Properties”

5. Next, un-check the IP Version 6 protocol and select “OK”
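A scripted counterpart to the steps above, as an added example that is not part of the original post: it checks whether the server name resolves to an IPv6 address that does not answer on the SMB port while an IPv4 address does, and only then clears the same IPv6 binding the GUI steps un-check. The function name `Test-SmbByAddressFamily`, the host name `FILESERVER` and the adapter name `Ethernet` are placeholders, and the NetAdapter cmdlets assume Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example: hypothetical helper, not from the original post.
function Test-SmbByAddressFamily {
    param(
        [Parameter(Mandatory)] [string] $ServerName,  # file server host name
        [int] $Port = 445,                            # SMB over TCP
        [int] $TimeoutMs = 3000
    )
    # Ask the system resolver for every address the name maps to.
    $addresses = [System.Net.Dns]::GetHostAddresses($ServerName)
    foreach ($addr in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient($addr.AddressFamily)
        $reachable = $false
        try {
            $task = $client.ConnectAsync($addr, $Port)
            $reachable = $task.Wait($TimeoutMs) -and $client.Connected
        } catch {
            $reachable = $false   # refused, unreachable, or no route
        } finally {
            $client.Close()
        }
        [pscustomobject]@{
            Server    = $ServerName
            Address   = $addr.ToString()
            Family    = $addr.AddressFamily  # InterNetwork = IPv4, InterNetworkV6 = IPv6
            Reachable = $reachable
        }
    }
}

# Placeholders: replace with the real server and adapter names.
$server  = 'FILESERVER'
$adapter = 'Ethernet'

$results = Test-SmbByAddressFamily -ServerName $server
$results | Format-Table -AutoSize

$v6Fails = $results | Where-Object { $_.Family -eq 'InterNetworkV6' -and -not $_.Reachable }
$v4Works = $results | Where-Object { $_.Family -eq 'InterNetwork' -and $_.Reachable }

if ($v6Fails -and $v4Works) {
    # Same effect as un-checking "Internet Protocol Version 6" in adapter properties.
    Get-NetAdapterBinding     -Name $adapter -ComponentID ms_tcpip6
    Disable-NetAdapterBinding -Name $adapter -ComponentID ms_tcpip6
} else {
    Write-Output "IPv6 does not look like the cause for $server; adapter left unchanged."
}
```

`Enable-NetAdapterBinding -Name 'Ethernet' -ComponentID ms_tcpip6` reverses the change.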

Conclusion

You can’t make this stuff up. Any time, when you least expect it, something will happen. I handled this with very little user disruption. Even when the server crashed, the time back up was under 3 hours, and when the IPv6 problem happened it was intermittent and I could handle most of that over the weekend. Need expert help with your network? In the Dallas / Ft. Worth Area, call me. 972.571.4808.

 

How to Uninstall those Built-in-Apps in Windows 10

While reading some cutting-edge stuff on the web today I came across a blog post for getting rid of those pesky built-in apps installed by default in Windows 10. Here’s the original article. Follow-up: if you have trouble using this link and get an error, wait a few minutes and try again. Apparently the host of the site can’t handle too much traffic.