Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.007 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'charset:iso-8859-7': 0.04; 'root': 0.05; 'extent': 0.07; 'idea?': 0.09; 'oh,': 0.09; 'subject:script': 0.09; 'works.': 0.09; 'stored': 0.12; 'chris,': 0.16; "clients'": 0.16; 'did.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'informing': 0.16; 'merely': 0.16; 'password*': 0.16; 'password,': 0.16; 'situation.': 0.16; 'subject:Apache': 0.16; 'subject:issue': 0.16; 'subject:run': 0.16; 'subject:python': 0.16; 'wrote:': 0.18; 'wed,': 0.18; 'not,': 0.20; 'fit': 0.20; 'fairly': 0.24; 'login': 0.25; 'sort': 0.25; 'posts': 0.26; 'header:In-Reply-To:1': 0.27; 'message- id:@mail.gmail.com': 0.30; 'subject:that': 0.31; 'file': 0.32; 'text': 0.33; 'could': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'done': 0.36; 'thanks': 0.36; 'should': 0.36; 'clear': 0.37; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'that,': 0.38; 'bad': 0.39; 'skip:. 10': 0.39; 'sure': 0.39; 'to:addr:python.org': 0.39; 'changed': 0.39; 'read': 0.60; 'new': 0.61; 'information,': 0.61; 'happen': 0.63; 'total': 0.65; 'anything.': 0.68; 'home': 0.69; 'day': 0.76; 'cards,': 0.84; 'directories,': 0.84; 'twelve': 0.84; 'power,': 0.91; 'login.': 0.93; 'subject:let': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=iLRRPfsK6UiggpIGKAM3Gx0nX4tKXOYi7F+jNViQqE0=; b=XizTTs0WfgibjC5rKuATkVHWecmJ/g6tQpj+gHNhoxvLVFd1cPeUu9IgjpTrdgcmm2 BDdSnfxzGKT8i+yfUpe4DX+XQU4zsDiQoh+6yXzFEEOJW+BvWAP7gTVV5uKvq+/PNnjc yhcyvYA2pQvgVn0BymuWFjNAgTUBTZwrQCYzZZZID2YO3g6ad1dBLvCagSdhCoI9OMkx hCi5EixhFplqWjzEtHxjq1gnME5lfOH0AxPEQB5PXj2KJh9kP40BPMnKa8ThG4fhh/ns 3vfm4bJakK/WfZTYU8oEXJ/d1eAPB21c2kiyFWrb+0kobEXhW4sbmDTUItfYHEX8oZ07 FKmw== MIME-Version: 1.0 X-Received: by 10.220.215.73 with SMTP id hd9mr20262409vcb.19.1370419790375; Wed, 05 Jun 2013 01:09:50 -0700 (PDT) In-Reply-To: <70390d65-5313-46bf-8110-b25f5fc9f76f@googlegroups.com> References: <20a49aac-3867-481f-96d4-c95a050781ed@googlegroups.com> <51AD70E8.70506@gmail.com> <6c0ed9da-0f29-4b6b-a804-771763454dd4@googlegroups.com> <4ed43a69-0dfe-4078-a836-db5201811761@googlegroups.com> <2e1dbdc2-6bca-4c4e-93b0-4c0cddb72bc1@googlegroups.com> <03d8964e-7cea-4072-b1f1-19d83e494191@googlegroups.com> <4b65cdfe-b6c2-4d97-8623-77b10711bf78@googlegroups.com> <2ecc95c4-6114-49a6-ad47-df7bae4adfde@googlegroups.com> <592c84d8-2e86-4480-b784-c3ccadc8360d@googlegroups.com> <06fd6c2e-0979-4d61-b75a-6d9df7c1b624@googlegroups.com> <70390d65-5313-46bf-8110-b25f5fc9f76f@googlegroups.com> Date: Wed, 5 Jun 2013 18:09:50 +1000 Subject: Re: Apache and suexec issue that wont let me run my python script From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 36 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1370419798 news.xs4all.nl 15916 [2001:888:2000:d::a6]:57712 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:47033 On Wed, Jun 5, 2013 at 1:55 PM, =CD=E9=EA=FC=EB=E1=EF=F2 =CA=EF=FD=F1=E1=F2= wrote: > Good Day Chris, thanks for accepting. > > Please mail me and i will send you the root login credentials. Well, I wasn't sure whether this would actually happen or not, but it did. I made it fairly clear to him in multiple posts that I was NOT going to sort out all his problems, yet he clearly did not read that, and has seen fit to compromise his security to the extreme extent of giving his *ROOT PASSWORD* to a total stranger over the internet. With that power, I could have done anything. I could have wiped out all his clients' data. I could have searched through his database content for credit cards, customer information, the works. But I didn't; I merely placed a small file in the public_html directory of each of the twelve web sites he has hosted: http://superhost.gr/Hello_from_Rosuav http://leonidasgkelos.com/Hello_from_Rosuav http://parking-byzantio.gr/Hello_from_Rosuav ... and nine others I have also contacted all the site owners who had a .contactemail file in their home directories, informing them of the situation. Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. Peanut gallery, did I make it sufficiently clear beforehand that giving out your root password is a bad idea? ChrisA