Tech Stories

1. Y'all remember the null-route guy? Well, he called back this morning. Turns out that he gave the root password for his servers (yes, plural) to a person that he works with. That person, in turn, gives (according to the nice customer) multiple other people said passwords. People that, again per the nice customer, "you don't want to have them knowing the password to your server." OK.. so those multiple people install IRC bots, warez, etc on those servers. Customer calls up to have the passwords on the servers reset to "something random, you decide." Customer admits that the servers have been hacked. I told him he needs to have the servers wiped and the OS re-installed (~$200-300) on each (x the number of servers...). Oy vey, the hilarity continues... [By: deihu] Comment on Story Comments oh yeah.. sorry about the formatting.. I will eventually get a large a$$ -deihu I see the stupid tax comming for this one. -virusjtg Don't forget the 10% gratuity on top of that tax for you having to be in his presence and the 10% hazzard pay for the stupidity you may obsorb through osmosis by standint too close to him. -RA Oh golly, that does bring to mind the "network admin" starfish whose password got discovered -- "daisy", his dog's name -- and shared on the IRC. Abuse changed it to something random. He denied anyone had the password, despite the grep showing 90 concurrent logins from various IPs around the world. He wanted us to change it back to "daisy". Some people don't know when they're pwn3d. -Mushroom "....Peekaboo?!" -ShujinTribble Glad that guy doesn't work for a bank! -Tarantulus This is why on all of my machines I tend to set it up for key access only that way it's a two step problem. You've got to get my key AND my horribly long pass phrase AND know what my username is. Letting root login remotely is handy but ultimatley not worth it, su - should work a-ok. -fearmyroot You want the password? You can't handle the password!!!! someone had to say it -STJ

2. Null-route the server Ok y'all.. I don't post here often (this is prolly my 3rd post) but this one had to be mentioned. I work in a webshosting company and all of our customers have their own dedicated servers: some with us doing the adminstration, most doing it on their own. This little tidbit is about one of oour wunderkinds. He has 8 servers with us (4 Linux, 4 Windows) and none of them have an interface (Plesk, etc.). A few weeks ago we taught him how to FTP to the server. And how to copy a file in Linux while connected via SSH. (He did say he was an Admin..). Tonight took the cake. I've not talked to him in a while, for which I was uncaring. He calls in tonight to ask how to null-route the server so that he could make sure that some of the scripts that he is developing don't get changed. (For those that don't know, null-routing is denying all inbound and outbound traffic for the server.) Now, being the nice person that I am, I made sure that this is what he wanted. I advised him to get a Linux Admin Guide and make sure that he has full knowledge of what he's wanting to do. He says, "According to the researc I've done this is what I want." I told him that if he wants it done, cool, but he'd have to pay $45 for us to go the server and hook up a console to undo what he did. I also told him that, if he wants this done, he needed to create an online ticket for it becuase I was NOT going to type that type of request and have it (possibly/probably) come back to bite me. Am I wrong to consider this one a candidate for sterilization (either method)??? [By: deihu] Comment on Story Comments I can think of plenty of valid reasons why I'd want a linux box that was in my physical presence to have no in/out connections. For example, the new linux PVR / Tivo dealy I'm building only needs a connection to get updated listing, which it can also get via the coax. However, I can't see the point of having a remotely located box be cut off entirely. He's going to call back after the change is made complaining he can't access his server ya know... -snJimboip Hello, webhostingcompany? Yes, I'd like to make it impossible for anybody to reach my web server? You don't think that's a good idea? Well, then, you suck! :P Talk about someone about to Self-LART! -TechMama I think he's using the wrong terms and getting confused. You're most definitely right in not putting his request into your words, though. -namor BTW: The PTR records don't match forwards. Not a good idea. -namor

Customer Misconceptions

Customer Types