Article 15856 at 09/07/31 04:59:52 From: webhosting (at mark) yahoo.com Subject: [coba-e:15856] Re: [LIKELY

Index: [Article Count Order] [Thread]

Date:  Thu, 30 Jul 2009 12:59:47 -0700 (PDT)
From:  Dan Kriwitsky <webhosting (at mark) yahoo.com>
Subject:  [coba-e:15856] Re: [LIKELY_SPAM]Root exploit on Blue Quartz
To:  coba-e (at mark) bluequartz.org
Message-Id:  <448973.64445.qm (at mark) web65603.mail.ac4.yahoo.com>
In-Reply-To:  <9277B28805F641DA9DE8381463E3DE12@HP9925NR>
X-Mail-Count: 15856



> I changed the permissions of
> /usr/sausalito/ui/web/base/vsite/manageAdmin.php to 000,
> now when you try to
> add a user, it just prints a blank page.� That should
> stop them from adding
> new administrative users.� But if the person knew my
> password, why didn't
> they just log in as "admin" and su to root?� That
> makes no sense, and it is
> possible I have accomplished nothing.
> 
> 
> 
You'll notice in brute force attempts that they try root and don't know they must log in as admin.

-- 
Dan Kriwitsky