When logging into Webmin from my remote laptop browser I entered my password into the "User" text box by accident. In the past, if I ever enter a password in cleartext anywhere, I create a new password. I don't want to do that if I can help it…
I just assembled and setup a server running UbuntuServer 12.04. I'm the only root user. I haven't even added other users, but plan to do so in the near future for guest access.
I looked inside /var/log/auth.log and can see:
Dec 13 17:09:07 glados webmin: Invalid login as from 188.8.131.52
Dec 13 17:09:11 glados perl: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty=10000 ruser= rhost=184.108.40.206 user=root
Dec 13 17:09:13 glados webmin: Invalid login as root from 220.127.116.11
Dec 13 17:09:17 glados perl: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty=10000 ruser= rhost=18.104.22.168 user=root
The bolded text above doesn't show the login name, if I am interpreting this log file correctly. I included another failed login attempt (17:09:13) which shows that root tried logging in. Is there another location that would contain more logs?
This is my first time setting up a server, I'd appreciate any help. Thank you.
I played around with the login system… I tried logging in as non-existent user "shirley" and the log showed a failed attempt by "shirley". Is the program smart enough to not log the password as a username? I ran cat auth.log | grep part_of_my_password and couldn't find anything. I'm thinking I'm clear… unless there is another logging location.