Server Remote Control iLO Boards Found on Shodan
I’ve been spending way too much time with Shodan (the computer search engine) lately. But what really bothers me is, every time I put time into searching for new things, I find them. And many times what I find boggles the mind.
Recently I found several search terms that bring up built in Server remote control iLO boards.
Integrated Lights Out, or iLO boards are installed on many servers. They are remote support solutions that allow an administrator to log into the computer and manage it from afar. Most allow complete control of the server including remote keyboard and mouse, the ability to power cycle the system and mount and access additional media remotely.
So far, I have found eight unique search strings on Shodan (like this) that reveal iLO boards for Dell, HP, Fujitsu and Sun servers.
When I was a server team guy for a large corporation, we regularly used these to completely set up and configure heavy duty servers that were located in different states. The local IT techs would unbox the server and plug it into a network jack. We would then log in to the iLO and install the Operating System, web apps, or whatever else was needed, remotely, without ever physically touching the box.
We also used them for trouble shooting. If a remote server had locked up and not responding at all, we would log in remotely to the iLO board and be able to service the system. Again without ever physically touching the system.
The fact that iLO boards can be found online is rather concerning. Granted many are there purposefully (so they can be remotely managed!) and are protected by a strong password. But several appeared to be using the default password.
If your company uses iLO boards on your servers, check them and make sure you are not using the default passwords! Change iLO passwords to long complex strings that you would use on any important system that is publicly available online. Disable or remove iLO boards (check your documentation) if they are not needed.
A little security can go a long way in protecting your servers from online threats.