Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th April 2011, 16:22
happz happz is offline
Senior Member
 
Join Date: Feb 2008
Location: Nashville, TN
Posts: 261
Thanks: 35
Thanked 6 Times in 5 Posts
Default Debian 6 ISPConfig 3 /etc/john

Hello all.

I was browsing around the server this morning and found something I've not seen before. A folder located here: /etc/john

I installed this server on, I believe 3.4.11 and the /etc/john folder shows a changed date of 3.24.11

Inside of this folder /john is: john.conf, john-mail.conf, and john-mail.msg and they are all dated - (changed- 10.17.2009)

It cleared talks about hacking your password and in the msg folder it has a standard message:

[Subject: Bad password!

Hello!

Your password for account @LOGIN at host @HOSTNAME is too easy!
Please change it as soon as possible.

John the Ripper, an automated password cracker.]

The john.conf has a script which I will post a small amount of it here:
#
# This file is part of John the Ripper password cracker,
# Copyright (c) 1996-2006,2008 by Solar Designer
#

[Options]
# Wordlist file name, to be used in batch mode
Wordlist = /usr/share/john/password.lst
# Use idle cycles only
Idle = N
# Crash recovery file saving delay in seconds
Save = 600
# Beep when a password is found (who needs this anyway?)
Beep = N


There is many more files but it almost looks like a hack to help warn of weakpasswords but honestly, I've not seen this before.

Anyone care to comment?

happz

Last edited by happz; 19th April 2011 at 16:27. Reason: changed a date
Reply With Quote
Sponsored Links
  #2  
Old 19th April 2011, 16:38
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,791
Thanks: 840
Thanked 5,612 Times in 4,423 Posts
Default

John the ripper is a password checking software, it has its config file sin /etc/john. It is used to find passwords that are too simple and to warn the users. The file you posted above is the email template of that software. It is part of openwall project

See here:

http://www.openwall.com/john/doc/

Ths software john the ripper is not part of ispconfig or the perfect setup. But its a normal security tool and not a hacker tool in my opionion.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th April 2011, 17:07
happz happz is offline
Senior Member
 
Join Date: Feb 2008
Location: Nashville, TN
Posts: 261
Thanks: 35
Thanked 6 Times in 5 Posts
 
Default

Good news. Thanks Till!

happz
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig on Debian 6 with optional PHP 5.2 for single webs Croydon Installation/Configuration 3 6th September 2011 17:35
DNS issue Debian Squeeze ISPConfig 3 Bind mleeroberts HOWTO-Related Questions 4 18th February 2011 19:26
ISPConfig 3.0.0.9 RC2 released till General 51 17th April 2009 18:12
ISPConfig 3.0.1 released till General 36 29th March 2009 15:30
ISPConfig installation into multiple OpenVZ containers letezo Installation/Configuration 11 3rd March 2009 23:47


All times are GMT +2. The time now is 10:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.