Hello all. I was browsing around the server this morning and found something I've not seen before. A folder located here: /etc/john I installed this server on, I believe 3.4.11 and the /etc/john folder shows a changed date of 3.24.11 Inside of this folder /john is: john.conf, john-mail.conf, and john-mail.msg and they are all dated - (changed- 10.17.2009) It cleared talks about hacking your password and in the msg folder it has a standard message: [Subject: Bad password! Hello! Your password for account @LOGIN at host @HOSTNAME is too easy! Please change it as soon as possible. John the Ripper, an automated password cracker.] The john.conf has a script which I will post a small amount of it here: # # This file is part of John the Ripper password cracker, # Copyright (c) 1996-2006,2008 by Solar Designer # [Options] # Wordlist file name, to be used in batch mode Wordlist = /usr/share/john/password.lst # Use idle cycles only Idle = N # Crash recovery file saving delay in seconds Save = 600 # Beep when a password is found (who needs this anyway?) Beep = N There is many more files but it almost looks like a hack to help warn of weakpasswords but honestly, I've not seen this before. Anyone care to comment? happz
John the ripper is a password checking software, it has its config file sin /etc/john. It is used to find passwords that are too simple and to warn the users. The file you posted above is the email template of that software. It is part of openwall project See here: http://www.openwall.com/john/doc/ Ths software john the ripper is not part of ispconfig or the perfect setup. But its a normal security tool and not a hacker tool in my opionion.
