Forum Discussion
AltocumulusBIG-IP i2800 got hacked due to default password
Hello devs!
I got to a BIG-IP today that had a public IPv4 directly attached to it. And the client enabled "allow-service default" on it. And obviously he forgot to change the default password and some bot-net got hold of it, and the box was owned.
I now... It's stupid and sad. I know...
I asked them to fully disconnect all its ports so the bot cannot go any further.
In my mind, the way to go would be a full disk erase and re-install from scratch, meaning:
A- Disk erase utility - https://support.f5.com/csp/article/K15521 B- Full re-install - https://support.f5.com/csp/article/K13117
I have two questions:
1- Would disk erase be necessary? Because I think the full re-install already wipes the entire disk? 2- Will I have issues with the license? Since this is a i2800, I think that the license won't change, right?
Thanks! Rafael
Hi,
This can happen to the best ;-)
Before the re-install copy and past the license key. And a full re-install (from usb disk) will do the trick. And it has no impact on the license, the serial number of the unit won't change during the re-install.
Cheers,
Kees
Samir_Jha_52506Noctilucent
FYI, I am sure you guys are all aware about the securing one more layer to Load balancer to restricting GUI & CLI access by source IP address.
Link: https://support.f5.com/csp/article/K13309
rafaelbnCirrostratus
Yep! And that was one of our mistakes...
