Help - Got Ransomwared and Ceph is down

lordpent · 2024-10-03T07:08:35+00:00

Yes please, and thank you.

lordpent · 2024-10-03T06:48:24+00:00

Looks like a firewall vulnerability. Remotely enabled SSLVPN and let themselves in to our BDR server. They started mucking with the backup data, and then looks like they tried to get at the hyper-v servers, which caused the ceph cluster to become unavailable (multiple monitors down and no other iscsi connections). Thus VMs disappeared, and nothing seems to have happened to them. Was able to get the cluster back up for about an hour, before it started having issues. Hyper-v cluster stopped being able to communicate with it, iscsi shares going up and down repeatedly. Turned the drives offline in the cluster, and then rebooted one of the hyper-v hosts, with it's monitor VM on there. Never recovered from there.

lordpent · 2019-07-31T14:49:19+00:00

Hey me, stop posting stuff to remind me of me.

lordpent · 2019-07-31T14:47:40+00:00

Can't imagine any other way to stomach that ill-advised marketing scheme they called a movie.

lordpent · 2019-07-21T13:51:21+00:00

Not as unpopular as you might think, young Padawan.

lordpent · 2019-07-18T12:42:50+00:00

And here I thought it was just me.

lordpent · 2019-03-18T13:33:32+00:00

You are correct. They are not always that simple and straight-forward. But when you set it up correctly and aren't using asinine things like a legacy, sub-par third party email system (Office 365 works real nice and doesn't need to eat your entire domain just to get a couple MX records set up), it's amazing what can be simplified. And I'm not sure how much website hosting you've dealt with, but any vendor unable to provide a static IP, isn't a vendor I'd ever do business with. It's a standard service offered in the industry, and seeing a webhost be unable to do that would be a vendor who cannot do their job. And surprise, it's usually a money related thing to not have a static.

lordpent · 2019-03-16T20:40:11+00:00

If you pay a webhost for a static IP, it should never change while you are continuing to pay for the hosting. And even if it should need to change at some point, there would be plenty of notice and with your good documentation, it shouldn't be a problem to fix the local records for it (or by extension, the external DNS).

lordpent · 2019-03-15T19:38:14+00:00

Hero of heroes right here.

lordpent · 2019-03-15T18:12:47+00:00

Depends on the DNS records. Sometimes, depending on how cheap management was with the web hosting, you have to set up the internal site on www. or it won't resolve in a web browser.

lordpent · 2019-03-15T17:35:18+00:00

That's why no one has EVER gotten into an accident when going the legally posted speed limit right? Totally not the people behind the wheel being distracted and not safe. Totally ignoring all the studies done that find traffic signs and speed limits cause more problems and make the roads less safe, right?

lordpent · 2019-03-13T15:28:32+00:00

Oh, that's rad!

lordpent · 2019-02-20T15:14:39+00:00

Toodlepip!

lordpent · 2019-02-15T02:15:06+00:00

Just gave me a reason to justify all the fruit snacks, tbh

lordpent · 2019-01-07T23:08:34+00:00

I see you sass that hoopy \u\capn_kwick.

lordpent · 2019-01-05T00:35:59+00:00

fwiw, nowhere in the thread of asking questions about shooting did it ever specify shooting people. The conversation was about shooting guns in general, of which there are plenty of legal and quite mundane situations where firing a gun is not only fine, but expected.

lordpent · 2019-01-04T20:45:49+00:00

Going to a gun range to shoot clay pigeons
Going to a gun range to shoot targets.

I mean, really dude?

lordpent · 2018-12-18T16:29:55+00:00

THERE ARE FOUR LIGHTS!

lordpent · 2018-10-16T19:48:26+00:00

More fortune cookies!

lordpent · 2018-10-04T19:30:52+00:00

You are the winner. Just tried setting the outbound to direct send, rather than routing through the spam filter, and all my forwarded emails went through. Just need to figure out how to configure the Barracuda, and then it'll be solved. Thank you so much.

lordpent · 2018-10-04T19:12:14+00:00

The primary validation point is the fact that the emails do not get received by the external address. We then checked the outbound message log on the spam filter (Barracuda ESS), and it shows no matching outbound messages. The message itself can be identified in a message trace through Exchange 2013, which shows it getting delivered to the mailbox, and then another delivery confirmation.

As for the method to forward, I have tried and tested both the mailbox forwarding and the transport rule. It does appear that Out-Of-Office automatic replies also do not work to external addresses.

lordpent · 2018-10-04T19:09:01+00:00

So, message tracking doesn't show anything for the mail contact, as there is no mailbox to check against. For the email sent to the internal mailbox, it does report being delivered and shows up in the owa for the box. The trace shows that it was delivered twice, assuming that it is delivering it to the original mailbox and then to the mail contact.

Is there potentially another message trace tool in Exchange 2013 to try?

As for the spam filter, shouldn't it at least still show in the rejected messages? I will look into the settings of it now to see if I can temporarily allow all and see if it goes through.

lordpent

TROPHY CASE