I think I just permanently ruined my life

You're making a lot of baseless assumptions there.

if you did not steal anything and did not remove anything etc. I don't see how you could have violated any laws.

Nothing was stolen, removed, damaged, etc. I accessed it because the password (along with like 20 others) were made public most likely accidentally. I may have been in there for a bit too long but in the end I helped them by hiding it off of Google and hiding the directory listing.

In the UK, there's the computer misuse act which covers the following three offences:
1) Unauthorised access to computer material (maximum of 2 years imprisonment)
2) Unauthorised access with intent to commit further offences (maximum of 5 years imprisonment)
3) Unauthorised modification of computer material (maximum of 10 years imprisonment)

A lot of countries will have similar laws.

Firstly, the first is the only one that could possibly apply to me, and 2 years is the maximum. Very unlikely. My age makes it even more unlikely.
Secondly, this is all fully dependent on whether or not the person SSHs in and finds the note that says I fixed everything. Will I be forgiven and nobody will be notified, or will they be ruthless in making sure I am punished? They will likely feel spared and lean towards the former option rather than the latter. Just my two cents, but you could say I'm a bit obviously biased towards me not going to fucking prison lmao.

Also, this individual hadn't been on the server for months. It's safe to assume nothing will happen any time soon, at least for the time being. Whether they take the note and help I provided as a threat or not is no longer under my control. Fuck it.

Just SSH in from a VPN this time to cover up the last login IP.

Delete reasonable evidence. Whoever made this public is probably too incompetent to track you down without easy leads.
At a minimum, delete the note, any .bash_history files, and /var/log/lastlog. Look online for additional steps.
t. cyber professional

Also make sure to leave a few ascii dicks in the documents.

In the US what he did was a felony. You're not allowed to access any computer systems for which you have not been given permission to access.

And yes, using your neighbors unprotected wifi is indeed a felony

How do you get permission to access any random website you find a link to through Google?

OP didn't access a website

nice try CIA

Next time don't do it mr hacker man

Don't have write access. Yes I've tried chmod. Can only write within /var/something/something
/var/log/lastlog doesn't exist apparently? Should I get rid of the fix I did with .htaccess so it won't appear on Google and nobody can see the public listing of the files?

Did so just in case

I mean, I found a website that publicly listed the files that were contained within it. Found a text file with the SSH information. Went inside. I'm accessing the machine that's hosting the "website" if you want to call it that. It's more of just a public directory nobody was intended to see.

It took your whole care as collateral to snoop through everything in that directory. Very high chance this leads to a felony pending charge.

I did not go through everything. On the website itself which listed the files, there was one folder which upon entering just had a bunch of random shit I mentioned. I didn't find each one on their own. They were all together in one directory. Opening that directory showed all of them at once. I went through two different folders, one that had a website/SQL backup and one that had everything else pretty much. That's the furthest my "snooping" went. Knowing that anyone could target this individual if they happened to stumble upon this website (I did so on the last page of a result on Google) puts me at a dilemma. Do I prevent others from accessing the system by illegally entering and fixing the public listing of files, or do I act like I didn't enter at all? Of course I fixed the website, left a note and moved on.

there is a distinct, if practically nonexistent difference between a website deliberately built with html or whatever and one automatically rendered (like say a page directory)

but in any case, if you got to it from Google and it had a legitimate web address instead of an IP or a convoluted domain I honestly think you would be fine

>Of course I fixed the website, left a note and moved on.

Oh. Nevermind lmao. if they want to go after you you're fucking fucked, m8

Yeah I just went back on and undid everything. Got rid of all the command history and whatnot. The only thing that's gonna fuck me over is the fact it says the date of when someone was last sshed into it, which was today instead of months ago. I don't think I can change that without root access unfortunately. At least the first three digits of the IP are the same, so maybe it won't be that apparent.

Jesus, is the US law really that retarded that you go to jail for sshing to a server you found on google?

if its on the internet and it didnt prompt you for credential that you forced your way trough i'd say its fair game, there was a case in recent times when a boy was arrested but then the charges were dropped, but i dont remember in which country.
if you are in the US, i would start to shit my pants, i bet with enough pressure they could have you in jail for a tweet.

Better be prepared to date the fella in your pic OP

>dd if=/dev/zero
do it fag.

>Jesus, is the US law really that retarded that you go to jail for walking into a house you found on google?

>do you go to jail for going into someone else's house without permission because you found their keys under the doormat?
Yes.

No-one said the law made sense. Laws are specifically written vague so that they can be applied when (((they))) feel like it.

It asked for a password which I found in the text file that was publicly available on the listing (clearly not intentionally). Literally the machine is spotless. I have no information of this individual's downloaded. It's as if I never visited pretty much.

>It asked for a password which I found in the text file that was publicly available on the listing
yep, thats a felony user.
even if you guessed it would still be a felony.

>It asked for a password
It's even worse than I expected

I’ve never seen anyone here hide their keys under a doormat, and if I found keys on the street and walked into a house to return the keys I would probably get thanked rather than called the police at or shot. Different cultures I guess.

Nothing will happen and here is why. 1) Only if anyone is looking for a break in will they find one. 2) even if they find one, 99% of sysadmins are to stupid to know it. They are looking through logs for an entry that says "Heeeyyyyy stop alert alert alert beam in Mr Spock we have an intruder" if it doesnt say that they will assume its just a normal procedure they dont understand yet.
3) even if they find you broke in they will not want to waste time and or money on you
4) it's not like you poked their mom up the vagina with your bassoon

You made a mistake by telling them. Unfortunately when you find stuff like this, if it's a corporation they'll get mad. If it's someone's personal stuff then they'll probably be happy you told them.
The reasons is that corporations have more liability, and more politics. Basically, if it's insecure then it's someone's fault, and instead of admitting internal faults they'd rather redirect blame to the perpetrator.

>I helped them though.
>I just robbed you
>here, some money so you can take the bus back home
I helped though

I had a similar thing happen to me. I was snooping in unsecured Amazon buckets, and saw some shit in one of them that blew my mind. Tons of Brazilian banking information,copies of peoples personal I.D.s, titles for cars, you name it. I never bothered to figure out if this was for a legitimate bank, or if I had stumbled upon a hackers dumping ground. Regardless, it spooked me to no end.

You found public data, nothing to worry aboute. Move on