Hacker!

From: Ken (SHIELDSIT) 11 Jul 2011 14:35
To: ALL 1 of 7
I just caught someone on my termserver sending bulk spam! Wow!!

Guess it's time to change this weak admin password!
From: Serg (NUKKLEAR) 11 Jul 2011 14:39
To: Ken (SHIELDSIT) 2 of 7
I would be very wary of everything on that term server now and whatever it might be connected to... Most importantly, how did they get in in the first place?
From: Ken (SHIELDSIT) 11 Jul 2011 14:40
To: Serg (NUKKLEAR) 3 of 7
Must have just brute forced the very very weak admin password.

I have been meaning to change it (it was the same since I got the job). Guess today is the day!

I am looking at the server now to see what they've done.
From: Ken (SHIELDSIT) 11 Jul 2011 14:49
To: ALL 4 of 7
Well, I have their list of email addresses. And I see in the logs that they are still trying to get on the server.

I've changed the password to 15 characters and it was generated by LastPass's generator tool. I think I will remove the ability for the admin account to have remote access and check my other user accounts and get them all tightened up.

Not what I wanted to walk into today, and it was just dumb luck that I found this, but it's pretty interesting stuff!
From: Serg (NUKKLEAR) 11 Jul 2011 16:36
To: Ken (SHIELDSIT) 5 of 7

Why is public access to your term server allowed?
I realise it's a term server, but surely people should have to VPN in first? I don't like open holes facing the Internet - anything other than access for a proxy, a mail proxy and very few other bits and bobs should be plugged. Dictatorship ftw!

EDITED: 11 Jul 2011 16:37 by NUKKLEAR
From: Ken (SHIELDSIT) 11 Jul 2011 16:38
To: Serg (NUKKLEAR) 6 of 7
Because whoever set this up was a dumbass. I'm going to change it and make a VPN mandatory if someone wants to connect.
From: Ken (SHIELDSIT) 11 Jul 2011 19:16
To: ALL 7 of 7
Fuck is changing an Admin password a pain in the ass.