15

Hey, looks like some employee of this hosting company failed to 750 his home directory and 640 the files...
I was SSHing around on our hosting account when I slipped into his home direcory where at least two(!) SSH public keys of his admin account for the server were readable!

Being an honest guy, I had to call them...
It's fixed now.

Comments
  • 2
    I had a similar experience with godaddy, except it was the generic inetuser account that had too many privileges. They didn't expect anyone to gain shell access since they disabled ssh, so I guess they didn't put any effort in. I used a php console emulator instead and went poking around.

    Since every hosting account shared the same user, I could access and change any site I pleased. And since that user was also responsible for running e.g. php scripts, and they were total idiots, it had rights to like everything. Very lax security. I could change configs almost wherever I pleased. /etc/apache? Yup.

    I should have installed a bitcoin miner.
  • 0
    @Root holy shit... that's crazy! 😮
Your Job Suck?
Get a Better Job
Add Comment