Admin
TRWTF: I actually enjoyed this story...
Admin
"scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".
Admin
Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?
No? Me neither....
Admin
sometimes there is a cornify link hidden in the text...
Admin
I hovered over it, wondering whether.
Admin
I did, I regret it now, I wonder if I will recover fully....
Admin
Of course, that might not mean any causation but could be caused by some mysterious "cornify_article.sh" left by a pair of network guys at one time employed by a comparison shopping site in West L.A....
Admin
TRWTF is having PermitRootLogin enabled.
Admin
not malice? Yet they had a script that deliberately kicked other users off the system.
I would have wiped the entire server and rebuilt it - like a virus infestation, I'd never consider it safe unless it was totally disinfected.
And I'd also install aide to keep an eye on what else they might do in the future... with a view to getting them sacked with extreme prejudice!
PS. yes, I enjoyed this one too.
Admin
Could be worse
Admin
Who the hell gave the root password to the (poorly) trained monkeys in the first place?
For that matter, why do you still even have a root password? I haven't seen one of those in about a decade. Everyone should be logging in under their own ID for audit purposes, and su as needed. (Has Windows implemented^Wimitated this yet?)
Though that would have made diagnosis more difficult in this case, it might have also confused the monkeys enough to prevent the issue altogether.
Admin
Yeah, I did. I was hoping for Cornify... I was sadly disappointed.
Admin
But why would anyone do that?
Seriously, why do some sites go to all the bother of creating links and then style them into oblivion? Or, similarly, obfuscate them behind a bunch of script nonsense so that they act like links (sometimes) but don't parse like links?
Oh, yeah... monkeys. Got it.
Admin
Sudo for Windows? I'm not sure if this is the one I've tried or not... I'm not using anything like this on Windows at the moment.
Admin
Little tarts! They love it!
Admin
Had meself a good scrub by a scrubber last eve
Admin
Oho, brilliant film! That cheered me up and no mistake.
Admin
Interesting story, but again, no WTF to be found.
Admin
In India a scrubber is something we use to scour vessels. There are two kinds of scrubber that are more commonly available. Plastic fibers! [image] Steel wool! [image]
Now an American company called 3M is also selling a product that does the job of a scrubber. It is expensive compared to other products. [image]
Admin
Only meaning of slapper I know is http://dictionary.cambridge.org/dictionary/british/slapper
Admin
Use Tampermonkey (or similar) and an easily found/written script to show hidden content and highlight cornified links.
Hint: There is hidden text in this story, but no corny links.
Admin
Does the name Puppet not make anybody else think of a bad low budget horror movie?
Admin
Actually, I believe there's a WTF in using a cron job (I assume) to kill SSH connections from 'unauthorised' users, rather than using sshd_config's AllowedUsers keyword.
There's also the query of either why Russell was deploying to "Craig and Carl's development server", or why Craig and Carl had attempted to appropriate an in-use server for apparently personal purposes.
Admin
Well, if they'd just change all their links to say click here then they wouldn't have any problems. Users will know what are links.
I mean.... hyperlink be damd.
Admin
Right click and Run As Administrator.
It will escalate and give you a warning box.
Even better, you can set an app to always run as administrator. It doesn't do that silently; it asks for escalation every time it runs...
Honestly I like it better, because that means you can't hide the escalation in a script.
Admin
Turns out it was beastly for running an Unreal 3 tourney.
Admin
There's also "slosher".
Admin
Withnail & I
Admin
At minimum Windows 2000/XP if not NT. (Infrastructure was there) And not just elevation, but you can drop permissions too... (And don't forget Xenix)
Admin
Unless you turn UAC off... (and there's 'runas' for the command line)
Admin
The two had been roommates in college and took a strange pride in telling Russell how they'd been too busy "hacking" (their word) to pass most of their classes.
Really Dan? You put the word "hacking" in quotes, to signify that it was a quote, then felt the need to further inform us that someone was being quoted? Really?
Admin
The TRWTF was Russell was not in craigslist
Admin
Yeah, it seems the story ended rather abruptly without giving any hint WHY they were doing this. Was this a lame attempt to keep out hackers? Or were they deliberately trying to keep other employees off this server? Why? Were they hiding something?
This is like a new employee joining the company and promptly changing the lock on the door to the file room with no authorization, and keeping the only key for himself. Would the company really just say, "Oh, okay."? I would think SOMEONE would want to know what he was up to and why.
Admin
Hey! My name is Carl, you insensitive clod!
(note to self: disallow root logins on the server I "hacked")
Admin
Don't know 'bout the rest of you, I have visions of Craig and Carl waiting for the 'puppet-master' to leave the room, then spouting "Excellent!!!" and playing air guitar.
Admin
Flashbacks to Adequacy.org
Admin
Yeah, it's called UAC and it's awful.
Admin
I wonder why they didn't just set the following in /etc/ssh/sshd_config?
AllowUsers = root craig carl
At the very least, they should also have:
PermitRootLogin without-password
PasswordAuthentication no
And much better would be
PermitRootLogin no
PasswordAuthentication no
AllowUsers = craig carl eric76
Of course, the AllowUsers would also include everyone else who might need to use ssh to access the host.
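An added example, not part of the original comment: a small checker that applies the three settings suggested above (PermitRootLogin, PasswordAuthentication, AllowUsers) to sshd_config text. The function names and finding messages are hypothetical; the sample inputs are the snippets from the comment, retyped as test data.

```python
# Added example: audit sshd_config text for the three settings discussed above.
# The sample configs are the commenter's snippets, retyped here as test input.

def effective_settings(config_text):
    """Parse global sshd_config settings (stops at the first Match block)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Both "Keyword value" and "Keyword = value" spellings are handled.
        parts = line.replace("=", " ", 1).split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key == "allowusers":
            # This parser accumulates AllowUsers lines into one list.
            settings.setdefault(key, []).extend(args)
        else:
            # sshd uses the first value it reads for a keyword.
            settings.setdefault(key, " ".join(args).lower())
    return settings

def audit(config_text):
    """Return a list of findings; an empty list means all three checks pass."""
    s = effective_settings(config_text)
    findings = []
    root = s.get("permitrootlogin")
    if root is None:
        findings.append("PermitRootLogin not set: the build default applies")
    elif root != "no":
        findings.append(f"PermitRootLogin {root}: root can still log in directly")
    if s.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    users = s.get("allowusers", [])
    if not users:
        findings.append("AllowUsers not set: no per-user allow-list")
    elif "root" in users:
        findings.append("AllowUsers includes root")
    return findings

FIRST = "AllowUsers = root craig carl\n"
MINIMUM = FIRST + "PermitRootLogin without-password\nPasswordAuthentication no\n"
BETTER = "PermitRootLogin no\nPasswordAuthentication no\nAllowUsers = craig carl eric76\n"

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("minimum", MINIMUM), ("better", BETTER)):
        print(name, audit(cfg) or "no findings")
```

On a live host, the output of `sshd -T` (the effective configuration) is a better input than the file itself, since it already reflects defaults and included files.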
Admin
We installed a scrubber at the well to remove hydrogen sulfide from the natural gas used to heat the house.
Admin
great. thanks, dude. you've impressed us all.
Admin
Top posters are easily impressed.