Duncan,

Always switch your root password to something new after setting up your Cobalt. The admin and root passwords are linked by the admin interface scripts. However, they operate independently.

Change your root password like so:

    $ passwd root

This means that the password you use (transmit) during an insecure HTTP admin session is not your root password. However, this offers just a little more security, as if you sniff the admin password and use it to log in to the admin pages via HTTP:81, a would-be hacker can change both the root and admin passwords using the Administrator button.

Rule of thumb: change your admin password regularly.

./Declan

On 21/2/02 10:05, duncan gray at [EMAIL PROTECTED] wrote:

> Hi,
> I've recently just had one of my websites hacked on my
> server. I have no idea how, as I thought my server was
> pretty secure, as I've kept up to date with all the
> latest patches, switched my telnet over to SSH, and
> so forth. My biggest guess is that you have to pass the
> root password to the machine while logging in over the
> Web admin pages; this scares me somewhat, but raises
> some questions in my mind.
>
> A. Is there a way to make the main admin pages work
> off a different user account? If not, why not, as it
> seems like a huge security hole to me.
>
> B. Secondly, I don't know much about certificates, but
> is it possible to issue a client certificate or some
> sort of certificate so you can limit only certain
> browsers/users to access that site, and making sure
> that the link between the server and the client is
> secure?
>
> Thanks
>
> Duncan.
