Hey, looks like some employee of this hosting company failed to 750 his home directory and 640 the files...
I was SSHing around on our hosting account when I slipped into his home directory where at least two(!) SSH public keys of his admin account for the server were readable!

Being an honest guy, I had to call them...
It's fixed now.

Comments
  • 2
    I had a similar experience with GoDaddy, except it was the generic inetuser account that had too many privileges. They didn't expect anyone to gain shell access since they disabled ssh, so I guess they didn't put any effort in. I used a php console emulator instead and went poking around.

    Since every hosting account shared the same user, I could access and change any site I pleased. And since that user was also responsible for running e.g. php scripts, and they were total idiots, it had rights to like everything. Very lax security. I could change configs almost wherever I pleased. /etc/apache? Yup.

    I should have installed a bitcoin miner.
  • 0
    @Root holy shit... that's crazy! 😮