[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?

Subject: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
From: "Kai Deecke" <go@xxxxxxxxxxxx>
Date: Sat Jan 5 04:53:01 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Thanks wayne:

No one has got the password. It's changed weekly and VERY VERY long. If you
had a program to crack it... it would take you AGES. Only I know the
password and it is in my head. I have checked this also. I can log into ftp.
juts have no permissions.

I have a signed certificate by verisign... so it's all good

lrwxrwxrwx   1 root     root

root seems to own them. could this be why?

all help appreciated

regards,
kai
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Wayne Sagar
Sent: Saturday, 5 January 2002 9:29 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?


>For the last few days when i log into the RAQ with user "admin" i have no
>permissions to create, delete etc.... whats gone wrong?

Where to start.... If you've been ftp'ing in with admin password.. maybe
someone snatched that plain text admin level password and changed ownership
of the files..

ssh in and ls -al and see who owns the files in question.

If you're ftp'ing in as admin, my guess is, you have never changed the RaQ
default setup that comes with the admin and root password the same.. So if
someone got your admin password, they are now in as admin.. and also able to
log in as root.. bad!

ssh in,

su root
passwd

Make a cryptic password with mixed case, symbols, numbers etc something over
8 chars.. WRITE IT DOWN somewhere..

Now you have at least two levels of safety.

All of the above is moot if the "root" of your problem is that someone
besides you is living there as "root"..

Install ssh, disable telnet, NEVER log into an ftp account as server admin,
install self signed cert on your main site for the box so that any admin
commands/passwords are sent encrypted.

If all of the above has already been done by you, disregard, if none of the
above has been done, strongly suggest reading the archives here on security
issues. Most have been discussed at great length with installation
instructions etc..

Hope this helps and GOOD LUCK!

WS

_________________________________________________________________
Join the world?s largest e-mail service with MSN Hotmail.
http://www.hotmail.com

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

Follow-Ups:
- Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
  - From: Jeff Lasman

References:
- Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
  - From: Wayne Sagar

Prev by Date: Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
Next by Date: RE: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
Previous by thread: Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?
Next by thread: Re: [cobalt-users] [raq4] FTP - Admin user denied ?!!?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index