On Sat, 22 Sep 2007 08:06:40 Grant wrote:
> > > As I have previously posted about, my host sent me an email a few days
> > > ago stating that support tickets for 5,000-6,000 of their clients had
> > > been broken into. I checked my records and found that my root
> > > password had previously been submitted in a support ticket. I then
> > > decided I needed to reinstall my system.
> > >
> > > I requested that my host allow me access to a second machine for 2-5
> > > days while I switch over to a clean system, after that I would turn
> > > the old system over to them and continue with the new system.
> > >
> > > My request was denied! I'm blown away by this. Was I asking too much?
> > >
> > > - Grant
> >
> > You are probably asking more than their terms of service *require* them
> > to provide, especially if they don't believe the leaked information was
> > used for any nefarious activity.
> > However a reasonable webhost who accepts responsibility for its mistakes
> > and values its customers would probably grant such a request as a gesture
> > of goodwill - unless they were worried about opening the floodgates for
> > every customer to request such treatment, a scenario which would likely
> > leave them unable to comply even if they wanted to.
> > As a side note, although I agree with all the comments about 'never been
> > sure' a system is still clean, did you check whether there were actually
> > any root logins to your server not from your IP since the breach? If I
> > was in your situation and could confirm that no root logins occurred (via
> > ssh, ftp, cpanel, whatever else is running) from other IPs I'd probably
> > rest easy just changing my password.
>
> Wouldn't it be trivial for them to edit the logs though?
>

Good point, that comes down to how your server is set up. My server logs get
sent to a dedicated logging host - primarily to aggregate logs from half a
dozen domains, with the happy side effect of securing logs from webserver
breaches. My final comment was a presumptive leap based on my own setup and
is invalidated if your logs are kept on the same host.

- Noven
--
>-- Novensiles divi Flamen --<
>---- Miles Militis Fons ----<
--
gentoo-user@g.o mailing list
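
The root-login check discussed in this thread, as an added example that is not part of the original messages: it lists successful root logins from addresses outside a trusted set. It assumes OpenSSH `sshd` lines in traditional syslog format and covers ssh only; the sample log, host name and addresses are constructed, and the result is only as trustworthy as the log copy it reads, which is why it should be run against the copy held on a separate logging host.

```python
import re
from ipaddress import ip_address, ip_network

# Successful sshd authentication line in traditional syslog format (assumed layout).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

# Constructed sample input (documentation address ranges, hypothetical host "web1").
SAMPLE_LOG = """\
Sep 20 03:12:45 web1 sshd[4123]: Accepted password for root from 203.0.113.10 port 51515 ssh2
Sep 20 04:01:02 web1 sshd[4188]: Failed password for root from 198.51.100.23 port 40022 ssh2
Sep 21 01:44:09 web1 sshd[5012]: Accepted password for root from 198.51.100.23 port 40031 ssh2
Sep 21 09:30:00 web1 sshd[5100]: Accepted publickey for deploy from 192.0.2.77 port 50000 ssh2
""".splitlines()


def unexpected_root_logins(lines, trusted_networks, user="root"):
    """Return (timestamp, host, method, source) for each successful login as
    `user` whose source address is outside every trusted network."""
    nets = [ip_network(n) for n in trusted_networks]
    hits = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != user:
            continue  # failed attempts and other accounts are not what we look for
        try:
            trusted = any(ip_address(m["ip"]) in n for n in nets)
        except ValueError:
            trusted = False  # unparseable source address: report it
        if not trusted:
            hits.append((m["ts"], m["host"], m["method"], m["ip"]))
    return hits


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the administrator's own address range.
    for hit in unexpected_root_logins(SAMPLE_LOG, ["203.0.113.0/24"]):
        print("unexpected root login:", *hit)
```

An empty result shows only that the log contains no such entries; on a host where the intruder could have had root, the local log file itself may have been edited.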