VicToMeyeZR Posted October 25, 2008
Anyone have/had problems with people finding a hole in the superadmin? I have someone that was able to create a virtual server for himself by logging in through the superadmin account. They must have a program that queries all the default superadmin passwords that TS creates on the install?

SickPuppy Posted October 25, 2008
> Anyone have/had problems with people finding a hole in the superadmin? I have someone that was able to create a virtual server for himself by logging in through the superadmin account.

Yes, this is a well-known security issue with T/S. Anyone can take advantage of it.

VicToMeyeZR (Author) Posted October 25, 2008
Well, nice. Glad to see TS addressed the issue.

studeggle Posted October 25, 2008
You should ALWAYS set your own password, or at the least use a third-party password generator (without letting others know what it is. ALL computer-generated passwords follow a logic procedure in their creation that can be reversed). Default passwords are just that, default. Their purpose is to provide temporary security while you set things up; you have no one but yourself to blame if you left a default password in place. Also, no password in the world is immune from cracking if the system is ignored. You must always pay attention to your log files for brute-force attempts on your password, and block offenders and cycle your password so time spent trying to brute-force it is wasted. I'd suggest you review security 101 if you're going to run an online company.

VicToMeyeZR (Author) Posted October 25, 2008
Yeah, well, all said and good... I have to address them as I see them. Only so many hours in a day.

JasonF Posted October 25, 2008
Does the user normally have Superadmin access or was he able to gain it?

Dan M Posted October 25, 2008
People can view the logfile, which contains the default SSA password on the main server when created. If you don't change the password, people can recall back to the logfile with an exploit and get in through Superadmin.

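An added example, not part of the thread and not TeamSpeak's own code: a defender-side check for the condition described in the post above, a server log that still records a generated account password. The log line layout, the pattern and the function names are assumptions, and the sample log is constructed.

```python
import os
import re
import stat

# Assumed layout of the line that records a generated account password.
# Adjust the pattern to match what your own server actually writes.
CRED_LINE = re.compile(
    r"(?P<prefix>\b(?P<account>\w+) account info:.*?\bpassword:\s*)(?P<secret>\S+)",
    re.IGNORECASE,
)
MARKER = "[REDACTED]"

def find_exposed_accounts(log_text):
    """Return (line_number, account) for each line that still records a password."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = CRED_LINE.search(line)
        if match and match.group("secret") != MARKER:
            hits.append((number, match.group("account").lower()))
    return hits

def redact(log_text):
    """Return the log with every recorded password replaced by MARKER."""
    return CRED_LINE.sub(lambda m: m.group("prefix") + MARKER, log_text)

def readable_by_others(path):
    """True if group or other users can read the file (POSIX mode bits)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
25-10-08 09:00:01,ALL,Info,server,Server initialized
25-10-08 09:00:01,WARNING,Info,server,admin account info: username: admin password: example-admin-pw
25-10-08 09:00:01,WARNING,Info,server,superadmin account info: username: superadmin password: example-sa-pw
25-10-08 09:00:02,ALL,Info,server,Server started
"""

if __name__ == "__main__":
    for number, account in find_exposed_accounts(SAMPLE_LOG):
        print(f"line {number}: generated password for '{account}' is in the log")
    print(redact(SAMPLE_LOG))
```

Redacting the log does not make a password that has already been exposed safe; the account password still has to be changed, as the posts in this thread say.
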
{-SMAKU-}_MotorMouth Posted October 25, 2008
Also turn off the web admin panel in the config. That way only a person logged in to the box can gain access. I don't remember where it is; I did that on my personal T/S I ran a few years back.

JasonF Posted October 25, 2008
> I don't remember where it is; I did that on my personal T/S I ran a few years back.

In the TS server's ini file.

VicToMeyeZR (Author) Posted October 25, 2008
> Does the user normally have Superadmin access or was he able to gain it?

Yeah, he gained it. Not even a customer or user. Created a port 1337 server. It's all good. I got it taken care of now.

Archived
This topic is now archived and is closed to further replies.