I was uploading to my boss' server today. I'm what you might call "click happy". (I often move too fast and click the wrong button.)
While uploading using FTP, I clicked on an arrow that led me deeper into the server; eventually I was at the main server administration page. From there I was able to see hundreds of usernames that were actually folders for that user's FTP info.
They were encoded:
XXXXX-0945
XXXXX-0946
XXXXX-0947
and so on...
I clicked on some of them, which led deeper into the server. Several led me to password-protected areas, and some files were labeled as user logs. With my curiosity piqued, I viewed one. I found slightly encrypted usernames and passwords.
By slightly I mean that their username and password weren't encrypted but their CC info was. Too many numbers to be CC. I then viewed a few HTML files and found the domain names that these usernames and passwords went to. (Again, out of sheer curiosity.)
I'm too paranoid, and my morals are too high for me to do anything illegal with this info. Which brings me to why I'm posting it here.
Is it really that easy for anyone to tap into our servers? I found it by accident; I'm sure some asshole that wants to do some damage would have a field day with the info I was just exposed to.
How can I prevent someone from accessing my FTP server like that?
I even found some email logs with what looked like thousands of email addresses.
Fuck, this is scary. It can't be that easy. Can it?
Does this make me a hacker?
Or an idiot?
------------------
LeeannOnline.com