  1. #1
    Linux Engineer | Join Date: Jul 2003 | Location: Stockholm, Sweden | Posts: 1,296

    Has my hosting provider been compromised?


    Hi,

    My virtual server hosted by a large and well known hosting company is behaving very oddly, even after re-imaging.

    Symptom:

    When logged in as a normal user I can "su" or "su -" to root with either the root password or the normal user's password; note that sudo is not installed.

    I can ssh to the machine as root@hostname with either the user account's password or the root password.

    I created a second user "testuser" and set the password to "test". This new user has no privileges other than being a member of the "users" group, not wheel or admin or anything. I can ssh to the server with testuser@hostname and the password "test"; as it is not in the wheel group it should be impossible to su - to root, and when attempting that it actually does fail if I enter the "test" password, but it STILL WORKS if I use the root password OR the other user's password.

    Another oddity is the output from the "passwd" command:

    $ passwd
    Changing password for user USERNAME.
    Changing password for USERNAME

    Note the extra line in the output.

    I have since re-imaged the machine with the same image (provided by my hosting provider) and the issue remains. They are investigating it and have so far been able to confirm only that I am correct in that there is something wrong.

    What can the problem be other than that the image has been compromised? If this is true then potentially thousands of their other customers are at risk.

    Your advice is welcome!

    /variant

  2. #2
    Linux Engineer | Join Date: Jul 2003 | Location: Stockholm, Sweden | Posts: 1,296

    Problem solved! Apparently the image was wrongly configured so that it ignores everything past 8 characters:

    /etc/pam.d/system-auth
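
A way to check a server for the 8-character truncation reported in post #2, as an added example that is not part of the original thread. It assumes the cause was pam_unix falling back to traditional DES crypt, which hashes only the first 8 characters of a password; the function names and the sample file contents are constructed for illustration.

```python
import re

# pam_unix options that select a hash covering the whole password.
FULL_LENGTH_OPTS = {"md5", "bigcrypt", "sha256", "sha512", "blowfish", "yescrypt"}
# Traditional crypt(3) output: 2 salt + 11 hash characters, no "$id$" prefix.
DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")

def pam_password_findings(pam_text):
    """Return pam_unix 'password' lines that name no full-length hash option."""
    findings = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0].lstrip("-") != "password":
            continue
        mod = next((i for i, f in enumerate(fields) if f.endswith("pam_unix.so")), None)
        if mod is not None and not FULL_LENGTH_OPTS & set(fields[mod + 1:]):
            findings.append(raw.strip())
    return findings

def des_accounts(shadow_text):
    """Return account names whose stored hash is traditional DES crypt."""
    names = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and DES_HASH.fullmatch(parts[1]):
            names.append(parts[0])
    return names

# Constructed sample input, not taken from the thread.
SAMPLE_PAM = """\
auth        sufficient    pam_unix.so nullok try_first_pass
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so nullok use_authtok shadow
password    required      pam_deny.so
"""
FIXED_PAM = SAMPLE_PAM.replace("nullok use_authtok shadow", "sha512 shadow nullok use_authtok")
SAMPLE_SHADOW = """\
root:$6$constructedsalt$CONSTRUCTEDPLACEHOLDERHASH:15000:0:99999:7:::
testuser:ab0123456789A:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
"""

if __name__ == "__main__":
    for line in pam_password_findings(SAMPLE_PAM):
        print("no full-length hash option:", line)
    for name in des_accounts(SAMPLE_SHADOW):
        print("DES crypt hash (first 8 characters only):", name)
```

On some systems pam_unix takes its default algorithm from ENCRYPT_METHOD in /etc/login.defs when the PAM line names none, so treat a PAM finding as a prompt to check the stored hashes. Correcting the configuration does not rehash existing entries; each flagged account needs its password set again.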
