A year ago this month, my Profit article noted that “unfortunately, most entrepreneurs continue to ignore computer security shortfalls that leave them vulnerable to system crashes, hacker attacks, virus outbreaks and even internal sabotage. My point? Companies better pay attention to security issues, or they’ll find things getting increasingly ugly.
Fast forward a year. Wow! Today I got an e-mail from Rogers Communications — they’re my high speed provider — notifying me that an attempt had been made to break into a computer — and that the attempt came from my Internet address.
Whoah! Obviously, I don’t spend my time hanging around trying to hack into systems; indeed, I’ve long been warning companies about the risks of neglecting security.
Not only that, but through the years, I’ve taken the time to understand security from both a high-level and very-technical level. Given the, I don’ take security lightly.
Needless to say, the message struck my immediate interest … and so I sent it on to the head of PR for Rogers, asking what’s up!
A short time later, the answer came back — it looked like my Web server on my inbound connection, which I use to access e-mail while on the road, had been compromised — it appeared on a list of “public proxy servers” on several Russian sites. Sure enough — I’ve been hacked…..
I’m digging into it further, and I’m really none too amused. What this involves is less any type of sophisticated “hacking’ and more simple negligence on my part — it looks like someone took advantage of what is known as an “open proxy server” on a Web server I run here. That allowed people to travel to other Web sites anonymously, using my Web server as the launch point. I could have sworn I took the time to ensure that all such features were turned off … but somehow did not.
Needless to say, there was all kinds of nefarious activity underway, I’m red in the face, and there are some big lessons learned.
I imagine I’ll have quite a bit to say about this — quite a bit more to learn — quite a few articles to write — and quite a bit of guidance for those who might be overly confident about their own security!