Stupid systems administrators

QurazyQuisp

Platinum Member
Feb 5, 2003
2,554
0
76
So, I'm doing a web development project for a department on campus. All the other projects I've done for other departments haven't been bad, but this one is only because of the systems administrator for this department.

To upload something to the webserver from my machine I have to: Somehow send it to a Windows XP server, whether it be by email, or ftp or what ever. Once the files are on that server I have to login to the server via remote desktop, and then FTP the files up to the actual webserver via SFTP. This takes about 2 to 3x as long as what it should. Why? because he is only allowing SSH from this server. There is nothing mission critical on the webserver, there isn't even any private data or important data.

Second, if I ever want anything installed on the server he insists on hand compiling any packages himself, since he's a relatively busy guy this can take upwards of two weeks to get something running that my application is dependent on.

I can't wait to be done with the stupid project.
 

yllus

Elite Member & Lifer
Aug 20, 2000
20,577
432
126
The smaller the fiefdom, the bigger the crown. Just the way it is.

If possible, get someone in the department to pull rank and make him give you whatever you want. That's usually pretty satisfying.
 

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
This sounds annoying, but there might be a reason for it. I've enforced something similar before - I was getting spammed with brute force SSH and FTP login attempts and the easiest thing to do was block everything but port 80 with IPtables and allow logins only from the dev server ,which attracted a lot less attention, then allow anyone to SSH into that. You'd be better off if it was a *nix box with SSH you had to go through though, rather than remote desktop, then it would be easy.
 

manlymatt83

Lifer
Oct 14, 2005
10,051
44
91
Originally posted by: Atheus
This sounds annoying, but there might be a reason for it. I've enforced something similar before - I was getting spammed with brute force SSH and FTP login attempts and the easiest thing to do was block everything but port 80 with IPtables and allow logins only from the dev server ,which attracted a lot less attention, then allow anyone to SSH into that. You'd be better off if it was a *nix box with SSH you had to go through though, rather than remote desktop, then it would be easy.

I used to do this. Then I just created a script that would monitor the ssh log and any repeated unauthorized attempts, and I'd block out that IP address block for 15 minutes. Tends to work pretty damn well.

As far as the other stuff, ssh tunneling works well.

And as far as the compiling packages from hand, yuck... while I agree creating custom RPM's/packages for things like apache, etc. is good if you're doing special config options, anything standard should just use RPM's/packages from dag (if linux) or ports collection (if bsd). Actually, the latter is nice because it allows a mix of both. I <3 BSD.
 

ultimatebob

Lifer
Jul 1, 2001
25,134
2,450
126
Only a retard would allow unencrypted console and FTP sessions on an Internet facing web server nowadays. You're just asking to get hacked for doing something stupid like that!

The hand compiling packages restriction seems a bit extreme, though, assuming that you don't work for the NSA or something like that.
 

NesuD

Diamond Member
Oct 9, 1999
4,999
106
106
Ever thought of kissing up to him instead of being a whiner. I'm a sysadmin and when it's my swingset I make the rules. Do you know how much abuse some of us have to take from id10ts? It makes you just want to be an ass so often it starts to become a habit. Maybe just maybe if you let him know that you appreciate what he does for your benefit he might soften a bit and become a little more accomodating. In my organization my users have learned that treating me with respect is the best way to get me to go above and beyond for them. I am always willing to accomodate anyone as much as is reasonable unless they treat me like crap in which case it could take a while to get that SSL-VPN account access created.
 

Specop 007

Diamond Member
Jan 31, 2005
9,454
0
0
Take it to the management chain. Emial both your supervisor and his supervisor. I hate jackass admins who try to slow everybody down over some stupid power trip.
 

CrazyLazy

Platinum Member
Jun 21, 2008
2,124
1
0
That's dumb, but I have heard much worse. BTW QurazyQuisp, the site in your sig, did you put up something saying it got hacked or did it actually get hacked?
 

effowe

Diamond Member
Nov 1, 2004
6,012
18
81
Originally posted by: CrazyLazy
That's dumb, but I have heard much worse. BTW QurazyQuisp, the site in your sig, did you put up something saying it got hacked or did it actually get hacked?

Looks like the real thing

Yesterday the Turkish cracker going by the handle "Iskorpitx", succesfully hacked 21,549 websites in one shot (plus 17,000 as our last update) and defaced (on a secondary page) all of them with a message showing the Turkish flag (with AtaTurk face on it)
 

CrazyLazy

Platinum Member
Jun 21, 2008
2,124
1
0
Originally posted by: effowe
Originally posted by: CrazyLazy
That's dumb, but I have heard much worse. BTW QurazyQuisp, the site in your sig, did you put up something saying it got hacked or did it actually get hacked?

Looks like the real thing

Yesterday the Turkish cracker going by the handle "Iskorpitx", succesfully hacked 21,549 websites in one shot (plus 17,000 as our last update) and defaced (on a secondary page) all of them with a message showing the Turkish flag (with AtaTurk face on it)

Thought so, thought I had heard something about a Turkish guy hacking a ton of sites awhile back.
 

mugs

Lifer
Apr 29, 2003
48,920
46
91
We (software company) had a customer who would only allow access to their network from one of our physical location. We have developers in multiple locations, so we set up a proxy server at the location with access (with the blessing of the IT guy at that location). Corporate IT found out and shut off network connectivity for that server. Even after we told them the reason it was being used as a proxy server, it took them a week to allow access. They prevented us from working for a week.