DL385 gen 7 ILO Virus

 
sirslayerjr
Occasional Visitor

I have an HP DL385 gen 7 with a corrupted BMC. It's a crypto/hijacker hiding in a SEP (PCMCIA) 6gx8 virtual drive?? on the p410i HP array. Is there a tool or a management program that can remove the SEP drive on the array and a simple management program that can protect the iLO and the HP array from outside intruders?? I love my DL385 AMD server that is almost 6 years old!! Otherwise it is useless because the hijacker will soon lock you out. Under Ubuntu it takes a week before it locks you out. Under Win 10 Pro, you can hear the BMC and the fans trying to fight against Win 10 standby modes.

Vador
HPE Pro

Re: DL385 gen 7 ILO Virus

Hello,

I am not aware of the removal of the SEP drive that you notice on the array. However, I am curious to know what you mean by corrupted BMC? Is a reset to factory defaults also not able to recover it?

One of the simplest ways to protect iLO is by not connecting it directly to the public network. There are encryption modes that are available in iLO 3 as well and that can be used to secure it further. The iLO 3 User Guide has more on this, the requirements (and implications) and the steps to perform.

As far as protecting the array is concerned, ensure that you have implemented security measures across your infrastructure, i.e. server/storage/network.

Regards,
Vador

I am an HPE Employee
