itimpi Posted June 9, 2019 Share Posted June 9, 2019 57 minutes ago, HK-Steve said: I think that my Towers are unsecure, as I don't have to use a password. How can I make them secure? Go to the Users tab and set a password for the ‘root’ user. 1 Quote Link to comment
JonathanM Posted June 9, 2019 Share Posted June 9, 2019 6 hours ago, HK-Steve said: I think that my Towers are unsecure, as I don't have to use a password. How can I make them secure? The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable. Quote Link to comment
HK-Steve Posted June 9, 2019 Share Posted June 9, 2019 38 minutes ago, jonathanm said: The title of this thread refers to the fact that someone has exposed their server's webGUI to the internet, compounded by the lack of password. When you say you think your server is not secured, do you have access to manage the server from outside your LAN? If so, how exactly do you do that? If your answer doesn't involve connecting to your own VPN server, you are likely vulnerable. Thanks, No I do not access outside my home network, I learned something today. Much appreciated. Quote Link to comment
jordanmw Posted June 10, 2019 Author Share Posted June 10, 2019 Well the good news is that the server is no longer accessible from the internet- not sure if that means that they finally fixed it, or if it is still just turned off. I'll check on it for a while to make sure it doesn't come back up. 1 Quote Link to comment
JonathanM Posted June 10, 2019 Share Posted June 10, 2019 25 minutes ago, jordanmw said: Well the good news is that the server is no longer accessible from the internet- not sure if that means that they finally fixed it, or if it is still just turned off. I'll check on it for a while to make sure it doesn't come back up. Or, their ISP issued them a new DHCP address. Quote Link to comment
jordanmw Posted June 10, 2019 Author Share Posted June 10, 2019 4 hours ago, jonathanm said: Or, their ISP issued them a new DHCP address. If they did, I still would have found it on the next google crawl. I wasn't looking for the address directly when I found it- stumbled across it when searching a log message. I hope that means that he put it behind a nat gateway. At any rate- I'll keep checking on it. Quote Link to comment
jordanmw Posted June 10, 2019 Author Share Posted June 10, 2019 Well LT just contacted me to let me know that the user did finally get their message and has taken steps to remedy the issue. Needless to say, they were glad that it was a community member that found it and shut it down to prevent harm. Glad they handled it before some black hat decided to re-purpose it. 4 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.