Attention:
Okay guys...you have a problem. You have a FrontPage security threat that
can and WILL be taken advantage of. If a malicious "hacker" had
found this exploit instead of me, one who tries to help, your page would
be in a lot of trouble right now. Don't worry, I have backed up your
index.html - http://www.tucsontractor.com/index22.html
but please listen to what I have to say. First of all, you need to
fix the frontpage problem. Anybody on the Internet can find out
your Administrator's password by going to the address http://www.tucsontractor.com/_vti_pvt.
If they click "administrators.pwd" it will bring up something like this...
ttcftp:Nm7NiyJ.p9JzU
Now that doesnt show the actual password, but what it DOES show is the
password in Unix-Encrypted format. And with a password as easy as yours (you
really should choose a better one) it is very easy to decrypt. What you
need to do is set the access so that nobody can get to the ../_vti_pvt/ page.
That will fix your security leak. As for your password, you should use
a better combination of numbers and letters than tractor1. I guess
that is all that I can do for you. If you have any questions, or if you want
to bust me for violating your page and helping correct your security errors,
please feel free to email me at wldthing7@juno.com
Sincerely,
- himi -
