Main Stories
Slash Boxes

Slash Open Source Project

Slashcode Log In

Log In

[ Create a new account ]

Change your default admin password

posted by CaptTofu on 12:08 PM September 29th, 2000   Printer-friendly   Email story
By now, we all know about the hack on slashdot. The real problem was that we forgot to change the default admin user password on two test boxes that we have, which gave the intruders access into the blocks editor, and the rest is history.

I can not stress this enough: make sure you have changed your admin users' passwords from the installation passwords! I've just made a commit to the code in cvs which does away with default admin users. There's now a script that prompts the site operator for an admin user name and password. This is for new sites. If you have an existing site, just check in your database what your passwords are by SELECT aid,pwd FROM authors;. This will give you a list of all your admin users and passwords. You can either change any unchanged passwords via the admin interface via the "Authors" admin menu URL, or go into the database: UPDATE authors set pwd = 'newpassword' WHERE aid = 'aidinquestion';

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.