[Gllug] Insecure practices at my ISP
Stig Brautaset
gllug at brautaset.org
Fri Apr 4 00:05:59 UTC 2003
On Apr 03 2003, Garry wrote:
> I recently signed-up for ADSL with PlustNet (www.plus.net) and my account
> comes with 250Mb of webspace with MySQL, CGI and telnet access. So far, so good.
>
> I just logged into my telnet account to find I can browse the whole shared
> CGI directory and most of the Linux server's root directory. Almost all the
> directories and files on the machine, save the really crucial ones
> ('/etc/shadow', for example), have 755 permissions. All the user accounts,
> which contain a default empty 'cgi-bin' directory, are under
> '/file/home1/<username>' and only one or two users have changed their
> permissions.
I've got a plus.net account, and I didn't even know I could telnet in
anywhere... I got it strictly for the connection though, as I've got all
the hosting space I want through other means.
Stig
--
brautaset.org
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list