Security Issue?

Hello, I found a very strange issue:
I have two virtual servers, with their two admin users. I will call them vserver1.lan and vserver2.lan.
Afterwards I created an email user for each of the two virtual servers: user1.vserver1.lan and user2.vserver2.lan …
Only for Webmail login… they respectively have their own passwords.

The strange issue is that these two users can log in to the Webmin backend ( https:url:10000 ) without a password, with any characters as the password, and with admin privileges … what’s happening?

I have community on Debian 8 64-bit

PS: DAMN … even the root user gets in without a password … help!

Did you try to clear all browser cache and then try to log in?

Yes … I don’t know what happened … damn :\

I will reinstall everything, damn :\

Howdy,

Hmm, that is pretty unusual!

I haven’t heard of anything like that happening before.

Did all that begin happening recently? Or was it always a problem with this installation?

Also, can these users log in as normal via SSH?

-Eric

Only root, because I set the SSH server so that only root can access via SSH.

I will try to recover /etc/shadow … if that doesn’t work I will go with a reinstallation and a restore from 2 days ago … I lose only yesterday, no matter.

Now the VPS reinstallation is blocked … wow … like an old Italian journalist ( Germano Mosconi ) says: porcodxx.

So, thank you anyway for replying to me.

Some hosts usually put a maximum on the number of times you can reinstall a VPS, to prevent abuse. Ask your host to lift the limit or at least increase it. In the meantime I would suggest shutting down your server to prevent someone from jumping in and exploiting it for bots, DDoS, etc… This could cause your host to terminate your account.

The host is OVH; it is the first reinstall that I have issued … I bought the VPS on Saturday.

@Diabolico are you Italian?

The VPS is back online ( issue during automatic installation ); now I have finished:

  1. Importing the backup and Virtualmin conf from two days ago. No Webmin conf, because I am afraid of the password issue.
  2. Importing the two sites and my mailboxes. ( work done yesterday )

I thought about a possible clue for the “password issue” … now I don’t have this damned thing.
The issue began with this ( I think ):
After installation I created a user ( a sudoer ) named “domain”; then I created the virtual server “domain.tld” with administrator “domain.tld”; then I created a mail account called “domain@domain.tld” ( so the login name is domain.domain.tld; with domain@domain it doesn’t work ), very similar to the Unix user “domain” …

Now, with the new installation, I created the second Unix administrator with a totally different name.
It is probably not the cause of the issue, but it is the only difference from now ( and the Webmin conf is quite default )

I’m not Italian but I know the Italian language. :)

Like Eric said, and I share the same opinion with him, I never saw something like this happen to anyone. I know if you use an FF addon to save passwords it could do something similar, but it would still need to properly fill in the username and password. Either way, good to hear the problem is gone.

Thank you Diabolico and Eric.

Backups always save life and headaches.
I have a Virtualmin demo on a local virtual machine; I will try to reproduce the steps that I wrote.
If it happens again, I will report here.