Topic: Login Trouble And Friends That Stab You In The Back (Read 3877 times)

JayEm · « **on:** October 26, 2005, 01:06:29 pm »

Hi,

I was wondering if someone could help me with this problem:

I own the site www.aliascentral.com and have given someone I know some free webspace and set up a coppermine gallery for them at www.insider.aliascentral.com/gallery. We both used to have admin access to the gallery but a couple days ago, he deleted my username. I know I should really romove the privelages I gave him (5GB webspace and two subdomains) but I have full access to the FTP and all files at the paret domain aliascentral.com, whereas he only has access to the subdomain insider.aliascentral.com. Is there any way of me creating an admin account in the gallery by messing with the files?

Thanks in advance

JayEm

Stramm · « **Reply #1 on:** October 26, 2005, 01:51:54 pm »

you have access to the database.. more you don't need. No messing with files... change db user/pass asap. Then change his coppermine user table entry to your username, password and email addy

JayEm · « **Reply #2 on:** October 26, 2005, 02:32:15 pm »

Thanks for the help. I'm new to SQL and didn't know you could do that. I used phpMyAdmin to find his password and have changed it.

Stramm · « **Reply #3 on:** October 26, 2005, 05:50:46 pm »

as long as you don't change the mysql passwords (in phpmyadmin the 'Privileges') your buddy can do the same or delete the entire db. So add a new superuser and backup user. Then change your include/config.inc.php sop that it reflects the new user and when coppermine still works smooth you remove the old mysql users.

Hope that's understandable

JayEm · « **Reply #4 on:** October 26, 2005, 06:05:12 pm »

The site and gallery are hosted using cPanel and Fantastico. My "friend" doesn't have access to this so he can't change much. He only has access to Coppermine's files. If he does delete the entire db, I can always change it using cPanel and phpMyAdmin.

Thanks for the help anyways.

Stramm · « **Reply #5 on:** October 26, 2005, 06:12:34 pm »

Quote from: JayEm on October 26, 2005, 06:05:12 pm

He only has access to Coppermine's files.

With FTP access to the cpg files he has access to the db. Access to the db means he can delete the db or change the user/ pass again. And if you didn't know... with FTP access and a not highly secured server he can change a lot of things. It's even possible that he hacks into your cpanel, then he has root access and locks you out. Or he just shuts down the box. Can be funny too

If you don't trust a guy, then it's not good if he can access your server and execute his own scripts. However, you're the boss on your box

good luck

News:

Author Topic: Login Trouble And Friends That Stab You In The Back (Read 3877 times)

JayEm

Login Trouble And Friends That Stab You In The Back

Stramm

Re: Login Trouble And Friends That Stab You In The Back

JayEm

Re: Login Trouble And Friends That Stab You In The Back

Stramm

Re: Login Trouble And Friends That Stab You In The Back

JayEm

Re: Login Trouble And Friends That Stab You In The Back

Stramm

Re: Login Trouble And Friends That Stab You In The Back