Home › Forums › Chat Forum › Serious IT help needed!
- This topic has 285 replies, 94 voices, and was last updated 15 years ago by eth3er.
-
Serious IT help needed!
-
ZedsdeadFree Member
I need some serious help!
My manager called me in today regarding internet.
So there I am, sitting confused. He then shows me a list with 19 items. Ranging in size up to 6.7MB. Everyone of them has the web address ‘don’tclickthis.whatingods.name’
I’m still sitting confused and I don’t know what this is? I’m told it’s bad stuff! I ask if he knows what any of it is and he tells me that one is a dead polar bear! one is a naked woman! one is a child!
I am now going to be investigated!
Now, as I explained to him, I have never heard of this site. I have never looked at anything like this and I certainly wouldn’t go looking for stuff like this. I have never seen any of the images or whatever they are (the large files must be video or something?). I get home and look it up and see it looks dodgy from just the first page – I certainly didn’t click on any of it!
I’m gobsmacked! I have no idea where/how/why any of this haas happened? I have never downloaded anything except uni work (concrete centre etc) so I don’t even know what I should do?
My mate who sits next to me says not to worry as it’ll be a virus or something but I am worried – I don’t have a clue how any of this works.
I don’t know how I can defend myself for something I haven’t done, don’t know about or anything.
What can I do? How can something like this happen?
Thanks.
ricochet_robFree MemberDid they say you had been browsing to those sites or downloading ? or been emailing them ?
ZedsdeadFree Memberthey say it’s downloads.
Even if it were browsing I would remember the images – 2 were from last Wednesday and Thursday – my memory isn’t that bad.
ZedsdeadFree MemberAnd now having looked up the site on my machine at home I know I’ve never seen it before. Ever!
ricochet_robFree MemberWho is investigating ?
I would be very careful but they should/will be able to prove if it was you….or not.matt_outandaboutFree MemberSomeone used your ‘puter when you went to bog/lunch/meeting?
surferFree MemberHas anybody used your logon? Did you leave your PC unnatteneded without locking the screen?
Does your company have an IT policy? If so does it have internet browsing guidelines? Did you sign it?
BigButSlimmerBlokeFree Memberwhat kind of log?
why does he think it’s you? here, to get on the internet, you have to log in, and transactions are logged against my username – if someone else gets my password, it’s my problem.
logs should have dates and times against them – check them, were you at the computer at the time? was it left switched on and unattended
logs should also have ip addresses against them – do you use dhco pr fixed addeesses, if fixed, does it correspond to yours?Jackass123456789Free MemberFirst thing first, being an IT manager and having found pages viewed at work that shouldn’t have been I know how I would deal with it.
The best thing for you to do in all cases is be honest, not saying you have done anything wrong but if you point out any sites you shouldn’t have looked at i.e facebook, ebay, STW etc etc. this will show you are being honest. Most people have a browsing habit, if you have looked at uni sites etc you should tell them about them and they should have it logged. If you are using internet explorer, press CTRL and H and this will bring up your browsing history, look back and see if the sites are in the list. If they are then you will have to prove someone gained access to your login and has done this without you knowing. See if you can get a witness that you weren’t on your desk at the time.
It’s a hard one to prove although IT may have got it wrong. It might pay for you to have a word with IT and ask them (nicely) how they have found this out and what made them think it was you. Different logging systems use different ways. Older systems use computer names or IP addresses or others use user names – if it’s the username one get your password changed and get them to monitor it for you to make sure no one is doing it whilst you aren’t at your desk.
Any help just ask.
ZedsdeadFree MemberI have to log on to my pc. I have never ever told anyone my log in or password. The office is open plan so someone would see if anyone was on it. Plus it’s too many times for someone elso to be doing it.
There is a log but all I saw is a basic list – every one of the 19 downloads was from the ‘dontclickthis.whatingods.name’ site – of which I have never heard of, never been on, didn’t have any clue about it until today.
IT dept is investigating. I don’t know what type of log it is? there are dates and times (hence I know last Wednesday and Thursday).
logs have IP addresses – I have no idea about this? I don’t know much about this side of things?All I do know is that I have never looked at any of this – or even this type of stuff at any time. I would remember.
I do remember in the past that a chap from head office emailed me to ask me to close a document he wanted to use. It was a file I had never heard of, never seen and I don’t even have access to their server! And I didn’t have it open. I emailed IT at the time to ask why this would happen? Never got a reply.
ricochet_robFree MemberFind that email sent to IT and keep a copy, could be handy.
Jackass123456789Free MemberLittle note, I once caught my boss surfing p0rn sites. Was very strange as I knew he’d get the sack if I took it further and he had a family etc. Told him I would check his surfing habits daily and if he did it again I would take it further. Needless to say he didn’t and never bothered me about anything. Always kept a copy of the logs whilst I worked there though just in case – lol
ZedsdeadFree MemberThanks Jackass123456789,
I have been very honest. I geniunly don’t know what’s going on and it’s really worrying me. I browse the same sites regular and they’re not dodgy. The thing is it’s not various sites – just the one site mentioned above. It seems to be some sort of hosting site for files. Not a very nice one at that.
Jackass123456789Free MemberIP addresses are a series of numbers that get allocated to PCs when they are on a network. If things are logged to IP addresses you have to check what PC that IP address has been allocated too. Issues with this is that when an IP address is allocated it is given a lease, if not used within a certain time it goes back in the pot to be allocated to another PC. Depending how PCs are used etc. you could have an IP address that was previously allocated to another computer and have it now but was it was used incorrectly when allocated to another PC. They could have just got your PC mistaken with another. It might be IP 192.168.1.156 is allocated to PC-151 and you are actually using PC-152.
sevenFree MemberHave you googled the site name to se if there are any other people with issues from it?
From your home PC obviously 🙂
ricochet_robFree MemberYou might want to speak to HR and get confirmation of how official it is already.
I had the same once when I found one of the directors had been visiting some very strange sites(Grannies and Dwarfs, I kid you not !!)
The MD insisted I forgot what I saw !!! So I documented everything and sent it all to him special delivery and kept a copy for my records, all very dodgy.
surferFree MemberZesdead
See my earlier post ref your companies documentation, did you sign anything or have you been made aware of its policies?
This may have a bearing on how they proceed.
Have files been found on your hard drive? have they (IT) looked?Jackass123456789Free MemberWe use username logging here as it’s a bit more unique as you haven’t got to worry about different computers etc. The only issue is if someone knows your user ID and password. I used to work for a senior school and found kids with porn etc in their user areas and always found if they were honest they’d get away with it whereas the ones who denided it got the heavy treatement. Like the guy who sits next to you said, it could be a virus or that the system has just got it wrong. I wouldn’t worry too much as it is hard to prove it 100% and if they can’t prove it 100% you can’t really do anything. You might just get monitored and told by your boss to be carefull in a non offical telling off!!
If you are really worried go and see your boss and explain that you are worried and that 100% you don’t know what it is. He’ll be the one deciding what to do at the end of it.
I once got in trouble for excepting a gift from a supplier and the company found out. I was told I was in serious trouble and worried like mad for over a week, when it came to the meeting to find out what was happening it was a very jokey meeting and we weren’t even told off. Just told to give the gifts back and we shouldn’t accept them again.
ZedsdeadFree MemberI did sign an IT policy. It states don’t look at this or that – dismissal for this and that.
So I’ve never done it!
IT will look this week, but I know I have never downloaded anything. Please trust me on this – I’m worried because I know I’ve never done anything like this but I don’t understand how something like this could happen.
If I had done something like this I wouldn’t be asking for help – I’d just go looking for another job.
This is scaring me.
ZedsdeadFree MemberI have no problem in them designating monitoring software directly on me – I have nothing to hide, I never have.
It’s all very serious though.
I’m truly gobsmacked! I geniunely don’t know how any of this can be?
I’m worried, very worried but the more I rack my brains about it the angrier I get as I know 100% that I have done nothing.
ZedsdeadFree MemberI tried to have a chat with my boss but he says he can’t really talk about it. He has to remain impartial. I’m told I’ll get a letter with the time for a meeting with HR. I don’t know who else?
This kind of stuff is dismissal stuff, but as I said I don’t know how/why etc.
piedidiformaggioFree MemberThe bloke sitting next to you who said “My mate who sits next to me says not to worry as it’ll be a virus or something”
Strikes me as a slightly odd thing to say. Can you trust him 100%?
Jackass123456789Free MemberThe way I see it is that if they had 100% hard evidence you’d have been called into the office with your boss and been dealt with.
You have been shown a list of what you describe as a list of downloads and you are linked to it and IT are investigating it. IT should already have the evidence if they think it was you but I expect IT have to investigate as it isn’t 100% clear cut and could be a virus etc.
Speak to your boss but I wouldn’t worry too much (easier said than done). They would need hard evidence that you did it which would include files in your area or on the computer, times, multiple occasions and / or someone visually seeing you do it. They would have to prove 100% that it wasn’t a mistake or a virus to do anything as well.
ZedsdeadFree MemberI can trust the guy next to me.
Thanks Jackass123456789, it’s a little re-assuring. As I said, I worry because I don’t understand any of it or how any of this works. It wise that is.
All I have in my defense is that I really don’t know how it would be there? why it would be there? I’ve never even seen it?
Scary!
chompFree MemberIf it doesn’t fit with your regular browsing habits (if you generally only go to the same sites all the time) then make sure you stress this.
There’s a lot to be said for profiling, and if you can get them to check their logs and show that you generally only browse 10 – 15 sites regularly then this can help you out no end.
Also get them to see what sites were accessed around the time that the files were downloaded. If these are the same each time then you can get them to check these sites to see if they were loading something in the background which you might not have been aware of.
At the end of the day as people have said be honest and hope that your previous browsing history supports your claims.
Good luck
BigButSlimmerBlokeFree Memberagain – why does your boss think it’s you? there are a number of ways accessing the internet can be tied to individuals or computers, some more reliable than others. there are methods where, if security is lax enough, someone can acces the internet pretending to be someone else without a password?
However, there some so-called “IT Managers” who really don’t have a clue, and having found that someone is messing about on the internet, and not having the technical skills to catch them/stop them, will just resort to some kind of bullying. jackass has pretty much got things right there with regard to if they knew it was you, they’d have acted.druidhFree MemberHow was that picture redirecting thing working a couple of weeks back? Remember – some folk were posting bike pics but they were showing up as porn.
ZedsdeadFree MemberMy boss is just telling me what HR/IT have told him. I know as much as he does at this point in time.
Technology wise I don’t have a leg to stand on as I don’t know how any of it works?
Feels like I’m being set-up.atlazFree Memberdruidh – That’ll be referrer related (I’ve done it both with and without offensive imagery in the past) and he’d have seen them come up in his browser.
If I were you I’d specifically ask to see what evidence they have that it was you and take it from there. Strenuous denial can’t hurt but to be brutally honest, if I have evidence of a download that I trust, I’ll take that over a someone denying they’ve done anything wrong. They may just have suspicion but the sooner you know why the finger was pointed in your direction the better.
There’s numerous possibilities but depending on the content of the files, you need to take it seriously and once you’ve got it cleared, ensure ALL notice to it in HR is removed and you have a note on your file to say the same.
spikerman_1Free MemberGet them to tell you your regular browsing sites, if they cannot how can they pin this on to you.
Ask for evidence as to the times things were down loaded, correlate what you were doing at the time. If you were with your manager or someone senior as a alibi it makes for a case that your IT nerds are talking pants.
There are a load of ways to log internet traffic to and from a machine, without knowing which one they use the advice above is useful but not conclusive. Still saying that I can break most systems (and get paid for it) and not get caught.
If you need advice you can email me or I am sure almost anyone above. Chin up most of these things go no where.
BTW is yours a private or public company?
ZedsdeadFree MemberThey are a Ltd company – why do you ask?
I have no idea how they log anything. But I know they do.
I’ve done a little digging myself and the site in question (there is only one) is one that I have never been on, never heard of (until yesterday) and is not the type of thing I would go looking for.
I found something saying that the .name domain harbours hackers and “malware-spreading machines, zombies, and botnet control servers located under the .name space.”I’ll need to look further into it myself.
What I did notice from the spreadsheet my boss showed to me was that there are 19 individual files. The total size is 40MB. There are 12 seperate dates, 3 of which were last week. The times are around about lunch time. Now, these are large files – I would notice them. But I haven’t seen, been or noticed any of it. This is what worries me. Is it possible there is something going on in the background?
Or, could a site I browse be doing it?
I use the same half a dozen sites both at work and at home. I’ve been using them for years and never had a problem.I am worried as I don’t understand or know what is going on. Also, our IT dept have a history of being very poor. Our anti-virus software hasn’t been updated for months. Last summer anyway.
andywhitFree Member>I am worried as I don’t understand or know what is going on. Also, our IT dept have a history of being very poor. Our anti-virus software hasn’t been updated for months. Last summer anyway
Hmmmm, it’s possible that you’ve got a virus/trojan/whatever running on your PC which could be accessing dodgy stuff. Although a quick google didn’t show up anything like that. Ask them (IT dept) to perform a full virus scan with new virus definitions on your PC. And scan for trojans/malware also.
ricochet_robFree MemberMake sure your boss knows they are going to do the full scan… I would imagine that the IT Team would not want it being known that they let a virus cause such problem, and would not be shouting about it if they found one, they might just clean it and make like everything is OK..
ZedsdeadFree MemberWell it wouldn’t be the first time. A few months ago a couple of people in the office got viruses via facebook. ‘I found a video of you’ or something? They took them away to fix but still didn’t update the offices software.
I still think it could be something else though?
Being sacked for something I haven’t even seen though – scary!
enfhtFree MemberDo you keep your password secure, do you log into and out of your PC?
I’d have thought they would have had ALL the info when they pulled you in, not 50% of the facts.
If the antivirus is out of date, its a good indicator that the whole firms IT is under-protected.
Stick to your guns, either someone has been using your PC when you go to the loo, or your PC has been attacked, or your IT dept are idiots, or your firm is trying to make up lies to reduce staff.
Bear very clear, unless your IT dept can demostrate it was you they would have a hard case sacking or even disciplining you.
Keep us posted, I’d like to know how this progresses. If IT play “hard ball” I’m sure we can tell you what to retort with given they dont seem to have a real handle on their own infrastructure.
Good luck
ZedsdeadFree MemberThanks, I will.
I have a meeting this Friday I’m told. Until then I’m at home on full pay!
It’s worrying also because I’m 32, have a wife and 3 kids, I help run the local beavers and cubs and also help run a BMX club.
This kind of stuff could really mess up my life and I don’t know how any of it is happening?
The topic ‘Serious IT help needed!’ is closed to new replies.