Re: [cobalt-developers] Fixing the nasty RaQ Hack...
- Subject: Re: [cobalt-developers] Fixing the nasty RaQ Hack...
- From: Jörg Jan Münter <support@xxxxxxxxxxx>
- Date: Thu Jan 23 08:13:28 2003
- Organization: Ingenieurbüro Münter
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
Hi Peter,
On Thursday, 23 January 2003 16:11 you wrote:
> Misunderstanding. I use sftp because ftp is unsafe and to be able to use
> sftp you have to enable shell-accounts for every virtual site. Problem on
> my Raq is that any site administrator now has shell access on admin level.
> I don't grant it, it's somehow configured that way. So, something needs to
> be changed, don't know what yet.
> Using FTP with user admin is not a wise thing to do.
Yes, you are right, I wrote it the wrong way: I mean I would access the RaQ
ONLY by HTTPS or SSH if I need to be admin or root.
> I'm not taking any
> chances on getting a bill for 1400 GB of traffic that will cost me 42.000
> euros! I even disabled ftp for the moment.
> Take care,
> Peter
>
> -----Original message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx] On behalf of Jörg Jan Münter
> Sent: Thursday, 23 January 2003 15:07
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] Fixing the nasty RaQ Hack...
>
> On Thursday, 23 January 2003 13:46 you wrote:
> > I know and don't/do. About two weeks ago an incident occurred on a Cobalt
> > and a cracker generated about 1400 Gb of traffic in less than 3 hours.
> > Sniffing the ftp-account and getting root-access was the cause.
> > By the way: any site-administrator gets shell-access (admin) when using
> > sftp, that is to say, on my Raq4.
> > Peter
>
> Hi out there,
>
> why do you grant shell access to any user? I wouldn't grant anything but FTP
> access.
> And as someone already said I would access the RaQ by FTP with admin user.
> None of our customers needs shell access. If anything has to be installed
> it firstly gets checked by us.
>
> Yours
> Jan*
>
> --
> ---------------------
> Ingenieurbüro Münter
> Jörg Jan Münter
> Leipziger Straße 16
> 38165 Wendhausen
>
> info@xxxxxxxxxxx
> Tel: 05309 - 8052
> Fax: 05309 - 8053
> ---------------------
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
--
---------------------
Ingenieurbüro Münter
Jörg Jan Münter
Leipziger Straße 16
38165 Wendhausen
info@xxxxxxxxxxx
Tel: 05309 - 8052
Fax: 05309 - 8053
---------------------