Language Selection

English French German Italian Portuguese Spanish

They Came a Knockin and Webmin Let Them In

Filed under
Software
Security

Today was a sad day. I found out my streaming mirror/microblog server had been cracked. They exploited webmin and set up shop. Alas, there is no one to blame but myself. This is how I believe it went down.

About a month ago I tried to ssh into the streaming server but could not get in. Since this is a co-lo vms I contacted support informing them of the problem and asking them to kick the server. I suspected it was from a sour upgrade. They replied back that they found a problem in the sshd_config file and that things were back to normal.

This server had been running some three or more years now, it was the same debian install just upgraded. The company, tektonic, had gone through some changes with their systems and I never kept up with their administrative interface changes as I always used ssh, not their tools. Thus, having found myself in this predicament a few times in the past I figured I should find another way to remotely kick the system.

I looked around at their docs and tools but could not get access to my system.

rest here




re: Webmin

I'm curious why this guy thought he had to have Webmin installed to admin his server? What was oh so hard via the CLI that he needed that utility?

think of it this way

some people operate differently.

there are 'text' kinds of people, for whom working with console only is not really an issue.

Then there are visual people who it helps if they can "see" what they are doing.

Especially in terms of Webmin or similarly working app, I don't think it makes that much difference if they prefer GUI or text.

The ones that are really annoying are the ones who simply can't tolerate for anything but their own preferred method to exist. Or they insist only their preferred method is usable and everything else is junk.

There are reasons that installing a DE might not be a terrific idea, especially on a server, especially on a web facing server.

Webmin and other apps like it work differently than a DE though and the possible risk is what each individual has to determine if it's acceptable on their server and how to counter potential risks.

I don't see it as an either /or situation. More of if/then

Education is the number one security and prevention tool there is.

I'm posting this for Dann, the author of the original blog post

Dann says,

Vonskippy, if you had read my entire post you would have learned that this system be a co-lo vms and me having some issues with ssh, I wanted another way to gain access to the machine. I am fully aware that I could do everything and more through ssh, but when ssh does not work and the machine is on the other side of the country, one is pretty much stuck. While I think webmin is a fantastic tool when set up and secured properly, I tend to simply use ssh myself.

Just to clarify though, the fault was not webmin's it was all mine. I should have been on top of things and updated, configured, and secured webmin properly or at the very least disabled it.

You can read Dann's follow-up to this blog post here http://www.thelinuxlink.net/myblog/?p=199

actually

I know this comes off as nit-picking, but you keep asserting that you were 'clear' in stating that it wasn't Webmins fault. Yet the title leaves the reader hanging at "...and Webmin let them in"

so, in mine and a lot of other peoples eyes, it wasn't clear at all.

Thanks for clarifying on the new post though.

Jamie deserves a lot of credit for the great work that goes into Webmin.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

today's howtos

96Boards SBC showcases Mediatek’s deca-core Helio X20

MediaTek launched the fastest open-spec SBC to date with a 96Boards development board that runs Android on its deca-core Cortex-A53 and -A72 Helio X20 SoC. The “Helio X20 Development Board” is MediaTek’s first 96Boards form-factor single-board computer, and the most powerful open-spec hacker SBC to date. Although we’ve seen some fast 64-bit SoCs among 96Boards SBCs, such as the HiKey, based on an octa-core, Cortex-A53 HiSilicon Kirin 6220, the Helio X20 Development Board offers an even more powerful Helio X20 system-on-chip processor. Read more

Red Hat Financial News

Leftovers: OSS and Sharing

  • New projects, security, and more OpenStack news
  • LibreOffice 5.1.4 Released with Over 130 Fixes
    The first release candidate represented 123 fixes. Some include a fix for a crash in Impress when setting a background image. This occurred with several popular formats in Windows and Linux. Caolán McNamara submitted the patches to fix this in the 5.1 and 5.2 branches. David Tardon fixed a bug where certain presentations hung Impress for extended periods to indefinitely by checking for preconditions earlier. Laurent Balland-Poirier submitted the patches to fix a user-defined cell misinterpretation when using semicolon inside quotes.
  • Open source. Open science. Open Ocean. Oceanography for Everyone and the OpenCTD
    Nearly four years ago, Kersey Sturdivant and I launched a bold, ambitious, and, frankly, naive crowdfunding initiative to build the first low-cost, open-source CTD, a core scientific instrument that measures salinity, temperature, and depth in a water column. It was a dream born from the frustration of declining science funding, the expense of scientific equipment, and the promise of the Maker movement. After thousands of hours spent learning the skills necessary to build these devices, hundreds of conversations with experts, collaborators, and potential users around the world, dozens of iterations (some transformed into full prototypes, others that exist solely as software), and one research cruise on Lake Superior to test the housing and depth and temperature probes, the OpenCTD has arrived.
  • RuuviTag Open-Source Bluetooth Internet Of Things Sensor Beacon Hits Kickstarter (video)
  • Retro gaming on open source 2048 console
    Retro gaming in the open source vein could be on the upswing this season. Creoqode is the London-based technology design company behind 2048, the DIY game console with retro-style video games and visuals that is also supposed to help users learn coding.