Best posts made by pmoncho

@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@pmoncho said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

@SmithErick

Received my Cyberheist email from KnowBe4 about an hour ago and one article confirms that it was ConnectWise / Kaseya vulnerability from 2017 that was the vector.

We had a thread about that last week here on ML. We know that ConnectWise had vulnerable DLLs on their Windows installs. But we don't know if that was the case here. But we do know that they advertise publicly that they use some ConnectWise stuff, so the chances are relatively high.

Yeah, I saw that.

What I found interesting was that a source stated that the update was either not installed or not installed "correctly." What is "not installing correctly" with regards to Connectwise?

@JaredBusch said in What Are You Doing Right Now:

@RojoLoco said in What Are You Doing Right Now:

$600 worth of kaboom

As someone who has spent large sums on fireworks, that is not an insignificant amount of kaboom.

I've done family fireworks shows dropping ~$300 on stuff. Though I do not think I got any shells bigger than 2"

Same here. Spent $300 this weekend and my little show lasted a whopping 15 min with most of the time spent setting up the next "bang"

Will have a much better show next year though as my father-in-law and a couple others want to chip in.

I found I'm bad in a candy store, but I discovered I am worse in a fireworks store.

@JasGot said in Slow MS SQL Queries between Windows 10 VMs and MS SQL 2014 on same host:

Winner Winner, Chicken Dinner. It was MDTC and Windows Firewall. (Which is frustrating, because the firewall is turned off for the domain!)

Good job at troubleshooting. I'm wondering what led you down this path versus something related to Networking, hard drives or software drivers?

@WrCombs said in Huge Mistake:

So let me start this off by saying if I hadn't listened to my boss first thing this morning, this mistake wouldn't have happened. but god forbid he say he was wrong.

Okay: so, Went and picked up a PC from a customer: the plan as it was said to me was

• Pick up PC

*Bring back to office, put 2 new HDD's in and pull over the information after we image it.

*take it back and install it at the site again.

So, what actually happened?

Brought the PC back, boss told me to stop, he has an idea.
Reformat one of the Hard drives we have here, on that PC and then have the FakeRAID we use rebuild the information, then test the PC to run a terminal and verify it works properly.

So I added the other drive to the PC. Little did I know (nor did I check) the Optical drive was set to boot first (which is where I added this Drive to the PC ). It came up as C: and the PC I wanted to load as C: loaded as D:

so when I opened cmd and typed in
format d: and pressed enter, I wiped all of the customer data from the Drives..

it wasnt until I noticed a program we don't use on aloha PC's was when I realized what I had done.

My Tuesday Fuck up in a nutshell. -- Let's all take a moment to give me shit for this colossal screw up.

we already downloaded a Software to Recover lost partitions and I have that running right now .

Sorry man.... I had a huge F'up in my career about 20 years ago. Fess up to it, fix it the best you can, eat crow, learn from it and never do it again. That is all you can do from this moment on.

From my F'up, I learned to "slow down, verify and think before hitting enter or clicking "yes""

Goal - Lock down the server to a point where the level of risk is rather low from the rest of the outside world.

Wondering what else I should do?

Based on my setup below, the two possible changes I can think of based on my reading,
--Change SSH to different port (is it worth it?)
--Change port in MC to 4433 instead of 443

Current Setup:

Vultr account setup with 2FA
Vultr Firewall setup (I don't believe I need this as UFW is setup on Ubuntu)
--Allow SSH port 22 from Home and Work IP only
--Allow 80 and 443 from anywhere to get to MC

Ubuntu 18.04.2 (I know others like Fedora and Ubuntu current)
--Check for Updates Daily
--SSH with Keys only (Private Key has a passphrase)
--No SSH root login
--fail2ban for SSH
UFW
--Allow SSH port 22 from Home and Work IP only
--Allow 80 and 443 from anywhere

Meshcentral with NeBB-
--MC Site login setup with 2FA
--SelfUpdate =True
--UserAllowedIP set to home and work IP's only
--Using LE

@brandon220 said in What Are You Doing Right Now:

Stuck in a loop trying to log into Microsoft VLSC. I sign in with my email and it tells me to use another email that is linked. Try using that one and it says it doesn't exist. It TOLD me which email was linked. Oh, and the 'personal' or 'work' logins are ridiculous.....

I know the that pain. UGH. Feel for ya.

@scottalanmiller said in Secure Meshcentral server on Vultr:

@JaredBusch said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

Based on my setup below, the two possible changes I can think of based on my reading,
--Change SSH to different port (is it worth it?)
--Change port in MC to 4433 instead of 443

This serves zero purpose except to complicate your life.

I agree. Makes things harder for you, not harder for hackers.

I am of the belief that to hackers, they will scan as many ports for as many protocols as they can. If they can't find SSH on 22, they will search all the way up to 65543 to find it.

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@siringo... Ping!
Just checking in to make sure you're ok.

Things seem to be a bit crap over your way.

Hey, how are you going. Things are turning upside down over here.
My wife and I live 4 hours out of Melbourne so we're free and easy, just can't leave the state nor visit the capital.
I'll tell you what the world is going to be like this until a vaccine is found, so this could be going on for a few more years.
The Premier said yesterday that one problem they have is getting enough people to do the tracing work that is required. It spreads so fast that they run out of manpower.
It must be a nightmare in places with a greater population.

Don't say that man - Next year is my 20 year wedding anniversary - and we planned a two week vacation to Aussieland!

It's a big place. Plenty of places to pick.

Nope. https://www.miamiherald.com/news/nation-world/world/article244059902.html

and? Nothing unusual...

I reckon the USA is scarier, you guys have bears. You can't outrun, out climb, out muscle those things.

Bears stay in the mountains. Spiders are jerks (see: https://www.facebook.com/uniladmag/videos/4375225242500501/). Snakes don't give a fuck, and they bite the Uber.

Nope.

They don't, I've got nearly nose to nose with a bear in the yard while taking out the trash.

But I've also had a huntsman in my hallway.

In Dallas?

Bears in upstate NY. Huntsman on Crete, in Aptera.

I'll take a few more bears in NE Ohio if they eat some of these damn deer.

@Dashrender said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

@Dashrender said in Secure Meshcentral server on Vultr:

@dafyre said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

@dafyre said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

@Dashrender said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

@Reid-Cooper said in Secure Meshcentral server on Vultr:

@pmoncho said in Secure Meshcentral server on Vultr:

Vultr Firewall setup (I don't believe I need this as UFW is setup on Ubuntu)

Less portable that way. Why not do it the normal way?

Little lost here. What is the "normal way?"

Basically, I setup the Vultr FW because I wanted to make sure the MC server had a FW up front during the initial install and config. After setting up UFW on Ubuntu, I realized that I may no longer need it.

Is that really a risk during install though? What ports are open during install that would make this a concern?

Truth is, I have no idea. Most likely not though. Just enabled it until I had the OS installed, opened the SSH port so I could get in from my IP and configured UFW on Ubuntu. Just never disabled the Vultr FW. Figure it didn't hurt so I kept it.

I guess its just personal trust issues. I even sometimes like my car doors while parked in my garage with a garage door opener and locked side door. Weird I know!

A little paranoia isn't a bad thing... but I think you may be tiptoeing the line.

No doubt. Have to let go a little.

But only a little. Don't want somebody to steal your car when they get into your garage.

Lol - they'd still likely need the keys - so even having open doors doesn't really help the crook.

Crook needs no keys. That is the scary part. Metal shim, wire cutter/stripper, electrical tape and possibly screw driver. Jimmy lock, strip wires, connect to get it out of park, push to end of driveway, connect to start up and away they go. Ugh. To much Black Mirror and Mr. Robot.

Yeah - the main temper to that around here is - what are the chances of YOU being a target? and what percentage of crooks are going to have those skills? I don't know you, so I can't see what your level of being targeted are, but the % of crooks with the skills are very low.

I am just a suburbanite in Ohio. Where I'm at I know the % of being a target is pretty low.

The rational side of me so gets that. I get into that paranoia state and eventually (after long while of stability) get to the "just cause its possible doesn't mean its probable" state. Getting to the latter state sooner is my issue.

Side Note - The confidence, along with knowledge and experience, of the posters here in all aspects of IT, keeps me in awe (I mean that in a very good way).

@RojoLoco said in What Are You Doing Right Now:

@pmoncho said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@siringo... Ping!
Just checking in to make sure you're ok.

Things seem to be a bit crap over your way.

Hey, how are you going. Things are turning upside down over here.
My wife and I live 4 hours out of Melbourne so we're free and easy, just can't leave the state nor visit the capital.
I'll tell you what the world is going to be like this until a vaccine is found, so this could be going on for a few more years.
The Premier said yesterday that one problem they have is getting enough people to do the tracing work that is required. It spreads so fast that they run out of manpower.
It must be a nightmare in places with a greater population.

Don't say that man - Next year is my 20 year wedding anniversary - and we planned a two week vacation to Aussieland!

It's a big place. Plenty of places to pick.

Nope. https://www.miamiherald.com/news/nation-world/world/article244059902.html

and? Nothing unusual...

I reckon the USA is scarier, you guys have bears. You can't outrun, out climb, out muscle those things.

Bears stay in the mountains. Spiders are jerks (see: https://www.facebook.com/uniladmag/videos/4375225242500501/). Snakes don't give a fuck, and they bite the Uber.

Nope.

They don't, I've got nearly nose to nose with a bear in the yard while taking out the trash.

But I've also had a huntsman in my hallway.

In Dallas?

Bears in upstate NY. Huntsman on Crete, in Aptera.

I'll take a few more bears in NE Ohio if they eat some of these damn deer.

Send the deer to me, I will eat them all.

All you have to do is come sit in my back yard with a bow and have at it. You can get 4-6 a week. Unfortunately, city ordinance doesn't allow it.

@scottalanmiller said in Email Fields mail and mailfrom Need Not Match:

@dbeato said in Email Fields mail and mailfrom Need Not Match:

So the admin was saying that the Email and mail from needed to match?

No, that the from and mailfrom fields need to match in the header. Makes no sense. Clearly doesn't grasp how email works.

Nice to know I wasn't the only one totally getting it.

@RojoLoco said in What Are You Doing Right Now:

@pmoncho said in What Are You Doing Right Now:

@RojoLoco said in What Are You Doing Right Now:

@pmoncho said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Grey said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@siringo said in What Are You Doing Right Now:

@nadnerB said in What Are You Doing Right Now:

@siringo... Ping!
Just checking in to make sure you're ok.

Things seem to be a bit crap over your way.

Hey, how are you going. Things are turning upside down over here.
My wife and I live 4 hours out of Melbourne so we're free and easy, just can't leave the state nor visit the capital.
I'll tell you what the world is going to be like this until a vaccine is found, so this could be going on for a few more years.
The Premier said yesterday that one problem they have is getting enough people to do the tracing work that is required. It spreads so fast that they run out of manpower.
It must be a nightmare in places with a greater population.

Don't say that man - Next year is my 20 year wedding anniversary - and we planned a two week vacation to Aussieland!

It's a big place. Plenty of places to pick.

Nope. https://www.miamiherald.com/news/nation-world/world/article244059902.html

and? Nothing unusual...

I reckon the USA is scarier, you guys have bears. You can't outrun, out climb, out muscle those things.

Bears stay in the mountains. Spiders are jerks (see: https://www.facebook.com/uniladmag/videos/4375225242500501/). Snakes don't give a fuck, and they bite the Uber.

Nope.

They don't, I've got nearly nose to nose with a bear in the yard while taking out the trash.

But I've also had a huntsman in my hallway.

In Dallas?

Bears in upstate NY. Huntsman on Crete, in Aptera.

I'll take a few more bears in NE Ohio if they eat some of these damn deer.

Send the deer to me, I will eat them all.

All you have to do is come sit in my back yard with a bow and have at it. You can get 4-6 a week. Unfortunately, city ordinance doesn't allow it.

City ordinance means much less when you process the deer yourself. Besides, I balk at the laws of man.

That is why they are still alive and ruining my yard. I can't stomach the processing.

@travisdh1 said in Windows update and Sophos:

@pmoncho said in Windows update and Sophos:

@travisdh1 said in Windows update and Sophos:

https://support.microsoft.com/en-gb/help/4493467/windows-8-1-update-kb4493467
https://support.microsoft.com/en-gb/help/4493472/windows-7-update-kb4493472

Both react negatively when running Sophos. You're not able to login.

They effect all currently supported versions of Windows, not just Window 7 and 8 like the links would lead you to believe.

No prizes for guessing which anti-virus dashboard we use.

I have read other sites/posts that stated they did not have Sophos installed. Just wondering if I should follow suit and decline the update.

Those two specific ones, you might want to wait until they release a fix for the fix.

That is currently the plan. Hopefully a fix comes soon.

@WrCombs said in Huge Mistake:

There's apparently a theory that you can "freeze a hard drive, and get it to read again"
Anyone ever hear of this?

Yep. Spinners only. I've been successful 3 out of 12 times. It only works when the drive heads or a platter is "stuck"

Wrap in saran wrap and Freeze for 2-3 hours, give a decent love tap along the side of the drive on the floor and plug it in to see if it will start.

@scottalanmiller said in The Hidden Cost of Licensing Windows Server - Activation:

Just looking at this with a customer that just put in a new Windows 2019 server. The machine was purchased with a volume license agreement for Server 2019 Standard. Everything should be super easy, in theory. Problem is, license key from the volume license center doesn't work. We spend a bit of time trying to get this to apply, but no luck.

I have run into a similar situation this morning and not being able activate the VLSC liscense.

Before I decided to call MS and getting frustrated, I was able to activate from an elevated command line.
cscript c:\windows\system32\slmgr.vbs /ipk <product key>

Throwing this out here in case someone comes along this post at a later time.

@brandon220 said in What Are You Doing Right Now:

@jmoore I will utter these words: "Because that is the way we've always done it". I can't even explain the difficulty I have trying to get some people to even try a different solution for anything.

Same goes for printers. If someone has to walk more than 3 steps to get to a printer, they complain. It blows my mind how much gets printed and then shredded. Or, better yet - printed, then scanned to a file, and then shredded. I wish I were joking. Paperless is a bad word among the people I work with.

I could go on and on.....

I have the EXACT same issue. What a huge waste of time and money.

Emailed PDF, printed, then scanned to PDF, upload to DMS and then shredded. At least 2-3 cases of paper weekly.

@Obsolesce said in Get Windows Version from Command Line:

However, I do understand the possiblility of running into Windows versions that may not have some PowerShell modules and may not be able to automatically obtain it in the script, requiring C

As I start to learn a little more about PowerShell, this has become one of my most aggravating issues.

The 2nd is not having some of the same cmdlets on Server version vs Desktop version for the same feature/function (don't know the right verbiage).

@jmoore said in Random Thread - Anything Goes:

@pmoncho said in Random Thread - Anything Goes:

@jmoore said in Random Thread - Anything Goes:

@pmoncho said in Random Thread - Anything Goes:

@jmoore said in Random Thread - Anything Goes:

@pmoncho said in Random Thread - Anything Goes:

"All I wanna do is zoom-zoom-zoom-zoom and a boom-boom." With a little ZM. Not a bad night for this ZM shareholder.

Right? Never thought they would go this high. I wonder if I should keep holding or not lol.

Interesting isn't it. As for holding, how long is work from home going to last???? Even if there is a vaccine, is WFH here to stay? Those are questions I ponder myself. I want to say yes and ZM will be fine for the next long while. Trying to figure out there retention rate myself.

My cost basis is around $60 so I sold around 10% of my holdings around $445 to get back my initial investment while I see what is going to happen. If after three days, it can hold, I will just buy back in and ride it to newer highs. Just wish I had bought more at $120 but it didn't "feel" right (see what emotions do! Grhh).

Yeah I understand totally. I bought in at 73. I will probably sell soon as I got more out of it than I dreamed for sure and don't want to be too greedy lol.

LOL I get that. I thought I was greedy by not selling when it was @ $165. Looks like holding was the answer. Now that its more than doubled since then, I decided to take some off. +30% overnight while at a prior all-time high, yeah, keeping a few of those bucks just seems prudent.

I can't figure out if they are going to keep going up, split or something else lol

LOL Welcome to investing!!!!

@Obsolesce

I get that. Currently, I don't know what I don't know so I need to learn how to know what I need to know that will solve the current "not knowing what I don't know" situation. :winking_face:

@Dashrender said in What Are You Doing Right Now:

Apparently Colorado is in a housing crisis - the marajana shop owners are using their cash to buy homes at inflated prices (because they are competing against each other) because they can't deposit their money into federally backed banks.

Buy/Build drive-thru car wash.