Gentoo Archives: gentoo-user

From: Novensiles divi Flamen <noven@×××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] {OT} Opinions on Host's Decision Please
Date: Fri, 21 Sep 2007 22:41:14
In Reply to: [gentoo-user] {OT} Opinions on Host's Decision Please by Grant
1 On Sat, 22 Sep 2007 07:07:23 Grant wrote:
2 > Hello,
3 >
4 > As I have previously posted about, my host sent me an email a few days
5 > ago stating that support tickets for 5,000-6,000 of their clients had
6 > been broken into. I checked my records and found that my root
7 > password had previously been submitted in a support ticket. I then
8 > decided I needed to reinstall my system.
9 >
10 > I requested that my host allow me access to a second machine for 2-5
11 > days while I switch over to a clean system, after that I would turn
12 > the old system over to them and continue with the new system.
13 >
14 > My request was denied! I'm blown away by this. Was I asking too much?
15 >
16 > - Grant
18 You are probably asking more than their terms of service *require* them to
19 provide, especially if they don't believe the leaked information was used for
20 any nefarious activity.
21 However a reasonable webhost who accepts responsibility for its mistakes and
22 values its customers would probably grant such a request as a gesture of
23 goodwill - unless they were worried about opening the floodgates for every
24 customer to request such treatment, a scenario which would likely leave them
25 unable to comply even if they wanted to.
26 As a side note, although I agree with all the comments about 'never been sure'
27 a system is still clean, did you check whether there was actually any root
28 logins to your server not from your IP since the breach? If I was in your
29 situation and could confirm that no root logins occurred (via ssh, ftp,
30 cpanel, whatever else is running) from other ip's I'd probably rest easy just
31 changing my password.
33 - Noven
34 --
35 >-- Novensiles divi Flamen --<
36 >---- Miles Militis Fons ----<
37 --
38 gentoo-user@g.o mailing list


Subject Author
Re: [gentoo-user] {OT} Opinions on Host's Decision Please Grant <emailgrant@×××××.com>