May 29th, 2007, 8:05 PM   #1
sneagle
Access from work issue

I cannot access my website nor Surmunity from work.

This started after a virus outbreak and tightening of security and the firewall. Today, I ran into one of the network operations people and asked "WHY?" He investigated and said
Quote:
They "seem" to be infected with the Nirbot virus. The rule that is stopping the site is the rule that stops the morphing of the Nirbot virus.
Nirbot - Also known as: W32/Delbot (Sophos), W32.Rinbot (Symantec), Backdoor.Win32.VanBot (Kaspersky) - it seems to work through port 8080
http://www.symantec.com/outbreak/w32.rinbot-worm.html

Now I doubt Surpass is infected with a virus, so I am hoping that I can learn something to convince the network folks to allow me access. I posted here first rather than a ticket to Support to get the learned opinion of Surmunity before I went to support.

So, does anyone think Surpass is infected?

May 29th, 2007, 8:31 PM   #2
Dan (Staff of Surpass)
I've had my shots.. it ain't me!

May 29th, 2007, 8:53 PM   #3
Brandonnn
no... your network is infected.

May 29th, 2007, 8:57 PM   #4
sneagle
I am amused.

Still, I need to solve this problem? Anyone?

May 29th, 2007, 8:58 PM   #5
puckchaser
Considering the virus is a W32 (ie WINDOWS based virus) and unless you have a dedicated server running Windows, your Surpass server running Linux cannot be infected with a W32 virus.

Case closed.
Next!

May 29th, 2007, 9:15 PM   #6
sneagle
Quote:
Originally Posted by puckchaser
Considering the virus is a W32 (ie WINDOWS based virus) and unless you have a dedicated server running Windows, your Surpass server running Linux cannot be infected with a W32 virus.
I have a reseller.

I sorta figured what you said is the case. However, how do I convince the network people and more importantly the automated software blocking the site?

May 29th, 2007, 9:39 PM   #7
puckchaser
Tell them that your Surpass server runs Linux and can not be the cause of their virus. If your IT people can't figure that out, then you will most likely be out of luck because they are idiots.

May 29th, 2007, 9:46 PM   #8
sneagle
This is the original comment from the IT folks (I have not yet discussed with them that this is a Linux server.)

My guess is that the scanning process will not be able to tell a Windows server from a Linux server...
Quote:
It will not be possible to open access to your web site through the firewall. I had some confusion in why we were blocking your site at the firewall level. The reason for the confusion is that we don’t scan for content here. What we do scan for is protocol ( port addresses ) and your host is broadcasting the same port address that the Nirbot virus talks over. This means that this host is most likely infected with the same virus that infected us last February.

So, unfortunately, we will not be opening up this site.

It might be best to reach out to your host provider to see if they can update “patch” their servers with the latest MS security patches and AV patches…

May 29th, 2007, 9:53 PM   #9
puckchaser
Quote:
Originally Posted by sneagle
This is the original comment from the IT folks (I have not yet discussed with them that this is a Linux server.)

My guess is that the scanning process will not be able to tell a Windows server from a Linux server...

I would explain that your server is running Linux. They are looking for MS (Microsoft) patches. Find out what port seems to be the issue, and see if you can open a ticket with Surpass.
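
Added example, not part of the thread: the IT reply quoted in post #8 describes a rule that matches on port alone, which cannot tell an ordinary web service from anything else answering on that port. The Python below contrasts that rule with a triage step that looks at what actually answered. Port 8080 comes from the description quoted in post #1; the rule set, host names and sample bytes are constructed assumptions.

```python
from dataclasses import dataclass

# Port named in the thread; the rule built on it is an assumption for illustration.
SUSPECT_PORTS = {8080}

@dataclass
class Flow:
    dst_host: str        # constructed host names, not real systems
    dst_port: int
    first_bytes: bytes   # first bytes the remote service sent back

def port_only_rule(flow):
    """The rule as described in post #8: match on destination port, nothing else."""
    return flow.dst_port in SUSPECT_PORTS

def http_server_header(data):
    """Server header if data is an HTTP response, '' if absent, None if not HTTP."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/1."):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return ""

def triage(flow):
    """Port hit plus a look at the service. The Server header is self-reported,
    so an HTTP answer is routed to a human reviewer rather than auto-allowed."""
    if not port_only_rule(flow):
        return "allow"
    server = http_server_header(flow.first_bytes)
    if server is None:
        return "block: non-HTTP service on suspect port"
    return f"review: HTTP service on suspect port (Server: {server or 'not stated'})"

# Constructed sample flows (not captured traffic).
SAMPLES = [
    Flow("reseller.example", 8080,
         b"HTTP/1.1 200 OK\r\nServer: Apache (Unix)\r\n"
         b"Content-Type: text/html\r\n\r\n<html>"),
    Flow("unknown.example", 8080, b"\x00\x17\xfe\x02\x9a"),
    Flow("reseller.example", 80, b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f.dst_host, f.dst_port, "port-only hit:", port_only_rule(f), "->", triage(f))
```

The first two flows both trip the port-only rule; only the triage step separates them, and its output is the kind of evidence the network team can be handed alongside a support ticket.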