OT - WAY - OT

Kenneth Brody kenbrody at bestweb.net
Sat Mar 22 11:09:05 PDT 2008


Quoting Bill Campbell (Sat, 22 Mar 2008 10:25:49 -0700):

> On Sat, Mar 22, 2008, Kenneth Brody wrote:
[...]
>> (Actually, rereading the above, I realize that I combined information from
>> several of the sites I tracked down.  The web-based file manager was not
>> on the same system as the world-readable data file, and so I was not able
>> to erase the valid-looking data from the file.)
>
> I *STRONGLY* suggest that people not use webmin/usermin on *nix systems
> without very carefully restricting access to them.  I have seen several
> systems compromised via these, usually as a result of bad user-level
> passwords.  I have also seen root exploits via usermin of known Linux
> security problems (the chfn command on some SuSE systems could be used to
> gain root access).
[...]

But, if the script kiddies were to stop using it, then we wouldn't be able
to "fix" their scripts for them, could we?  :-)

-- 
KenBrody at BestWeb dot net        spamtrap: <g8ymh8uf001 at sneakemail.com>
http://www.hvcomputer.com
http://www.fileProPlus.com


More information about the Filepro-list mailing list