Apache and suexec issue that wont let me run my python script
Chris Angelico
rosuav at gmail.com
Wed Jun 5 04:09:50 EDT 2013
On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας <nikos.gr33k at gmail.com> wrote:
> Good Day Chris, thanks for accepting.
>
> Please mail me and i will send you the root login credentials.
Well, I wasn't sure whether this would actually happen or not, but it did.
I made it fairly clear to him in multiple posts that I was NOT going
to sort out all his problems, yet he clearly did not read that, and
has seen fit to compromise his security to the extreme extent of
giving his *ROOT PASSWORD* to a total stranger over the internet.
With that power, I could have done anything. I could have wiped out
all his clients' data. I could have searched through his database
content for credit cards, customer information, the works. But I
didn't; I merely placed a small file in the public_html directory of
each of the twelve web sites he has hosted:
http://superhost.gr/Hello_from_Rosuav
http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav
... and nine others
I have also contacted all the site owners who had a .contactemail file
in their home directories, informing them of the situation.
Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.
Peanut gallery, did I make it sufficiently clear beforehand that
giving out your root password is a bad idea?
ChrisA
More information about the Python-list
mailing list