Filerserver for all E+ players
Good idea QcKie:-) I will try it:-)
No offense... that server sucks. Really! Why? It isn't secured enough. If you give out the login and password for it, you should disable SSH access. Why?
BECAUSE I CAN:
- login onto server via ssh
- change password for current user
- execute a program which can be malicious
- do something nasty and leave that server's IP address somewhere else ^^
Here you go, this is a copy of /etc/passwd, the file in which users' logins are stored:
quickie:x:686:686:eplus.zftp.com:/home/quickie:/bin/bash
root:x:0:0:root:/root:/dev/null
smmsp:x:51:51::/var/empty/smmsp:/dev/null
sshd:x:74:74::/var/empty/sshd:/dev/null
apache:x:48:48::/var/www:/dev/null
mail:x:686:686:mail:/var/spool/mail:/dev/null
ensimrootmail:x:8:686:ensimrootmail:/var/spool/mail:/dev/null
tomcat4:x:101:102::/home/tomcat4:/dev/null
mysql:x:27:27::/var/lib/mysql:/dev/null
ftp:x:686:686:ftp:/home/ftp:/bin/bash
majordomo:x:686:686:Majordomo List Manager:/usr/lib/majordomo:/dev/null
quake:x:22262:686:Excessive:/home/quake:/bin/bash
Do you want to see something else? Here you go, the httpd log file - we can see which files were accessed from which IP and at what time:
http://eplus.zftp.com/~quake/access_log.txt
Of course I can do more harm, for example add a command to crontab that deletes all files from the home directory. What does that mean? That all the files users uploaded would be deleted automatically, let's say, once a week. Who would guess what's wrong, huh?
So, what should the admin do? Not very much. Remove user 'quake' from the SSH group (or something like that, depending on the distribution used), and chmod -R 600 /home/quake (files from public_html won't be readable by httpd then, but - safety first, right?)
And, finally...
PEACE !
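The fix described in the post above (stop the shared account from reaching a shell, and check who else still can) can be rehearsed on a copy of the passwd file before the live system is touched. The script below is an added example written for this thread, not code from the post's author or from the server. It uses the /etc/passwd lines quoted above as its constructed sample input, assumes a POSIX sh with awk, and assumes /sbin/nologin exists on the target distribution (the server in the post uses /dev/null as its non-login shell). Besides listing the accounts that still get an interactive shell, it reports UIDs shared by several accounts, which the quoted file shows for UID 686: the kernel treats such accounts as one identity, so locking down only one of them changes little.

```shell
#!/bin/sh
# Added example for this thread, not code from the post or from the server.
# Audits a passwd-format file for accounts that still get an interactive
# shell, reports UIDs shared between accounts, and produces a hardened copy.

# Constructed sample input: the /etc/passwd lines quoted in the post above.
SAMPLE_PASSWD="${TMPDIR:-/tmp}/passwd.sample.$$"
cat > "$SAMPLE_PASSWD" <<'EOF'
quickie:x:686:686:eplus.zftp.com:/home/quickie:/bin/bash
root:x:0:0:root:/root:/dev/null
smmsp:x:51:51::/var/empty/smmsp:/dev/null
sshd:x:74:74::/var/empty/sshd:/dev/null
apache:x:48:48::/var/www:/dev/null
mail:x:686:686:mail:/var/spool/mail:/dev/null
ensimrootmail:x:8:686:ensimrootmail:/var/spool/mail:/dev/null
tomcat4:x:101:102::/home/tomcat4:/dev/null
mysql:x:27:27::/var/lib/mysql:/dev/null
ftp:x:686:686:ftp:/home/ftp:/bin/bash
majordomo:x:686:686:Majordomo List Manager:/usr/lib/majordomo:/dev/null
quake:x:22262:686:Excessive:/home/quake:/bin/bash
EOF

# Shells that never give an interactive session; /dev/null is what this server used.
NOLOGIN_SHELLS='/dev/null /sbin/nologin /usr/sbin/nologin /bin/false'

# Print the account names whose login shell is interactive, one per line.
interactive_accounts() {
    awk -F: -v nologin=" $NOLOGIN_SHELLS " \
        'index(nologin, " " $7 " ") == 0 { print $1 }' "$1"
}

# Print every UID used by more than one account, as "uid:name name ...".
# Accounts sharing a UID are the same identity to the kernel.
shared_uids() {
    awk -F: '{ names[$3] = (names[$3] == "" ? $1 : names[$3] " " $1); count[$3]++ }
             END { for (u in count) if (count[u] > 1) print u ":" names[u] }' "$1" | sort -n
}

# Emit a copy of the file in which every interactive account that is not in the
# allowlist (argument 2, space separated) gets /sbin/nologin as its shell.
# Assumption: /sbin/nologin exists on the target distribution.
restrict_shells() {
    awk -F: -v OFS=: -v nologin=" $NOLOGIN_SHELLS " -v keep=" $2 " '
        index(nologin, " " $7 " ") == 0 && index(keep, " " $1 " ") == 0 { $7 = "/sbin/nologin" }
        { print }' "$1"
}

echo "accounts that can still log in interactively:"
interactive_accounts "$SAMPLE_PASSWD"
echo "UIDs shared between accounts (effectively one identity each):"
shared_uids "$SAMPLE_PASSWD"
echo "hardened copy, keeping only the admin's own account (changed lines shown):"
restrict_shells "$SAMPLE_PASSWD" "quickie" | grep -E '^(quickie|ftp|quake):'
```

The hardened copy is only written to stdout; on a real system the same change is made with the distribution's own tool (usermod, chsh or vipw) rather than by overwriting /etc/passwd with this output, and the SSH daemon's own allow/deny lists give a second, independent layer.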
HAHA but DominiQue is a good dude & everything's gonna be alright :)
I have every day his technical spiel
[code:1]
login as: quake#eplus.zftp.com
quake#eplus.zftp.com@eplus.zftp.com's password:
Last login: Fri Jan 12 15:06:19 2007 from aoy37.neoplus.adsl.tpnet.pl
-bash-2.05b$
[/code:1]
neoplus! hehe,
Really, if someone uses the same password for ftp and ssh, that isn't hard, I can do the same.
Cheers.
Sure, everyone can do it. But I was first, bad luck.
You have to know that I last logged in at about 22.00...
dont running :
didn't think about it
got the ftp server because i wanted to be kind to the
eplus users
yepp yepp
but changed back password to: eplus again
and disabled ssh