17

Hey, looks like some employee of this hosting company failed to 750 his home directory and 640 the files...
I was SSHing around on our hosting account when I slipped into his home directory where at least two(!) SSH public keys of his admin account for the server were readable!

Being an honest guy, I had to call them...
It's fixed now.

Comments
  • 6
    honest guy :^) :^)

    well, I would be honest too after I realised there wasn't much of interest there either :D

    Of course I would have copied the keys if they were the private keys before alerting :)
  • 3
    I had a similar experience with GoDaddy, except it was the generic inetuser account that had too many privileges. They didn't expect anyone to gain shell access since they disabled SSH, so I guess they didn't put any effort in. I used a PHP console emulator instead and went poking around.

    Since every hosting account shared the same user, I could access and change any site I pleased. And since that user was also responsible for running e.g. PHP scripts, and they were total idiots, it had rights to like everything. Very lax security. I could change configs almost wherever I pleased. /etc/apache? Yup.

    I should have installed a bitcoin miner.
  • 1
    @Root holy shit... that's crazy! 😮