Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: [ANN] DARKNET [DNET] QRK ALGO - PoW/PoS
by
borris123
on 15/03/2016, 23:02:19 UTC
Quote from: pjcltd on March 15, 2016, 10:38:39 PM
Quote from: Grandpa Jones on March 15, 2016, 10:30:15 PM
Quote from: pjcltd on March 15, 2016, 10:21:16 PM
Quote from: Grandpa Jones on March 15, 2016, 10:10:30 PM
I've become a fan of this project and have set up a few masternodes.

I am using the mp-hosting service and noticed that their VP servers come with several easily fixed security issues. For example, they have the unnecessary apache2 enabled, use the root account as the primary login, allow root remote login by ssh, run ssh over port 22, and even have bash history enabled. I created a script to fix these major issues.

https://gist.github.com/Grandpa-Jones/28d6588c980975931c84

Please see the comment about usage at the bottom of the gist (https://gist.github.com/Grandpa-Jones/28d6588c980975931c84#gistcomment-1724292).

Hi
thanks for this BUT
if the anyone runs this on there server  and forget the user name and or password  i will not be able to get them access back on the VPS
so please don't run this yet  I will find a better solution of you all.


thanks
Paul


The current root passwords are stored (in plaintext?) in your databases and served to endusers in the clear (not https).

If anyone forgets their password, they can just reinstall the vps.

Look at the /var/log/auth.log of any VPS and you can see it getting hammered on port 22. This is not only a security issue but it taxes the server's resources.

I could go on.


HI im not having a go mate
im just saying  we can go though the scrypt and str it out so used don't have issues

always help for any help to make this service better for every one


thanks
Paul


you two obviously know what your on about. I dont have a clue lol. If there are flaws in the security can you please PM him to sort it out instead of posting it publicly for the people who know what they on about to exploit?