#1
    Just inherited a Webmin server


    Hi,

    I just inherited administration of a server that is running webmin. I'm mostly a software developer, not a server admin, so I need a little help. The previous admin of this server is doing everything he can to screw with it - I've already had to fix a few things. We have a web server and DB server hosted on the box.

    When I look at the list of users, there are a good number of them in there that seem like they could be used as service accounts, but I'm not sure, so I'm afraid to delete them or change the passwords. Recently, the person attacking our server admitted he logged in under the www-data user. Can anyone help me determine which user(s) I can remove and/or change passwords for?

    Also, is there any easy way to block this guy's IP address? I only have access to webmin - I haven't been able to SSH into the box to access command prompt. Ugh.

    Any other security recommendations?

    Sorry for being so broad, I just don't really know what else is out there that I don't know about.

    Thanks in advance!
    No trees were hurt in the sending of this message, however, a large number of electrons were terribly inconvenienced.
  2. #2
    So...the previous admin is using unauthorized access to mess with your server?

    Also, a quick Google tells all.
  4. #3
    This thing is a mess! I guess the lawsuits are flying, and now I got a phone call from the previous admin trying to apologize and undo what he had done. He was logging in using a specific user account - www-data. I've since changed the password on that account. Doesn't sound like he's going to attempt much more. I'm still curious, though, as to which user accounts in Webmin I can safely update passwords for?
    No trees were hurt in the sending of this message, however, a large number of electrons were terribly inconvenienced.
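
One way to answer the open question in this thread, as an added example that is not from any of the posters: classify accounts from `/etc/passwd` and `/etc/shadow` style data and flag service accounts (such as `www-data`) that have both a usable password and an interactive shell. The sample lines, the UID range (Debian-style defaults) and the function names are assumptions made for this illustration.

```python
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
UID_MIN, UID_MAX = 1000, 60000  # assumption: Debian defaults; see /etc/login.defs

# Constructed sample data, not taken from the server in the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
mysql:x:105:110:MySQL Server:/nonexistent:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
www-data:$6$constructed$hash:19000:0:99999:7:::
mysql:!:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
"""

def password_usable(field):
    # '!' or '*' prefix means locked; an empty field means no password is required.
    return not field.startswith(("!", "*"))

def audit(passwd_text, shadow_text):
    """Return {account: verdict} for every well-formed passwd line."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    report = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue
        name, uid, shell = parts[0], int(parts[2]), parts[6]
        can_login = password_usable(shadow.get(name, "*")) and shell not in NOLOGIN_SHELLS
        service = name != "root" and not (UID_MIN <= uid <= UID_MAX)
        if service and can_login:
            report[name] = "REVIEW: service account with password and shell"
        elif can_login:
            report[name] = "login-capable"
        else:
            report[name] = "no interactive login"
    return report

if __name__ == "__main__":
    for account, verdict in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{account:10} {verdict}")
```

Accounts flagged for review are candidates for a locked password and a nologin shell rather than deletion, since the service's files and processes are still owned by that UID.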
