Everyone's enjoying the Friday but I have to work all weekend :saddest:
-
Basically
>get call from IT that a shit ton of data is being uploaded out of the server
>tell him to chill and it's just us pushing everything to the git server
>"no man this is like 500GB trickling out all day"
>check the logs
>rando IPs ssh'ing in
>ask the guy why the hell that's occurring since the first thing I did was disable password auth in ssh in favor of keys
>says he put it back on so he could get into the server
>credentials are a combo you'd guess easily
>I legit call him a retard over the phone
>management finds out and gets all buttmad
>turn everything off, airgap it from everything else
>now have to come in early tomorrow to re-image ALLLL the machines and harden the servers all over again
I swear to god if he tops this off by reporting me to hr for calling him a retard I will play minecraft. Also I'm already scoping out alternative IT support since this company is dogshit and genuinely doesn't know linux
-
@lelouchebag windows people are the worst lol.
-
@lelouchebag why are you even allowing these retards permissions to do stuff like this?
He knew how to edit ssh config but not how to copy a public key to authorized_keys? Also fail2ban may have helped to prevent the password login.
-
@minty >permission
Not my choice, corporate's. The IT company we "outsource" our security to has some sort of insurance agreement. If their solutions are bad and cause harm, they'll insure the losses. Their mentality is that it's a "full time job" to run security yet the firm is literally running like every tech company in the area's security and constantly breaking stuff in my servers
>he knew how to edit ssh config
Maybe, I don't know much about windows servers (which the firm claims to be experts at) so maybe he knew from that? Or Windows server has some other way to secure stuff like ssh connections without keys? I know there's some 2fa you can set up with your phone. But I honestly think he just googled it since he knew I was able to disable it when I had him get his key sorted out
And I was the one who put his public key into authorized_keys for him. And proceeded to give him the exact command and instructions (rename it to id_rsa and all that) to ssh in using the key. Maybe he wanted to access it from a machine and didn't want to move his key over? Maybe he messed something up and thought the ssh key login was busted, so he added password auth back during his last walkthrough? I really don't know. I have to call him tomorrow anyway for the loss report
-
@lelouchebag how did he reenable password auth if he couldn't get into the server?
-
@minty He comes by the office for IT setup, fixing printers, routine walkthroughs, etc. I keep an ethernet cord plugged in since the time a guy wiped the iptables