[Nutopia]

Hi,

I just inherited administration of a server that is running webmin. I'm mostly a software developer, not a server admin, so I need a little help. The previous admin of this server is doing everything he can to screw with it - I've already had to fix a few things. We have a web server and DB server hosted on the box.

When I look at the list of users there are a good number of them in there that seem like they could be used as service accounts, but I'm not sure so I'm afraid to delete them or change the passwords. Recently, the person attacking our server admitted he logged in under www-data user. Can anyone help me determine which user(s) I can remove and/or change passwords to?

Also, is there any easy way to block this guy's IP address? I only have access to webmin - I haven't been able to SSH into the box to access command prompt. Ugh.

Any other security recommendations?

Sorry for being so broad, I just don't really know what else is out there that I don't know about.

Thanks in advance!

[ryon420]

So...the previous admin is using unauthorized access to mess with your server?

Also, a quick Google tells all.

[Nutopia]

This thing is a mess! I guess the lawsuits are flying, and I now I got a phone call from the previous admin trying to apologize and undo what he had done. He was logging in using a specific user account - www-data. I've since changed the password on that account. Doesn't sound like he's going to attempt much more. I'm still curious, though as to which user accounts in webmin I can safely update passwords for?