| 1 |
> > As I have previously posted about, my host sent me an email a few days |
| 2 |
> > ago stating that support tickets for 5,000-6,000 of their clients had |
| 3 |
> > been broken into. I checked my records and found that my root |
| 4 |
> > password had previously been submitted in a support ticket. I then |
| 5 |
> > decided I needed to reinstall my system. |
| 6 |
> > |
| 7 |
> > I requested that my host allow me access to a second machine for 2-5 |
| 8 |
> > days while I switch over to a clean system, after that I would turn |
| 9 |
> > the old system over to them and continue with the new system. |
| 10 |
> > |
| 11 |
> > My request was denied! I'm blown away by this. Was I asking too much? |
| 12 |
> > |
| 13 |
> > - Grant |
| 14 |
> |
| 15 |
> You are probably asking more than their terms of service *require* them to |
| 16 |
> provide, especially if they don't believe the leaked information was used for |
| 17 |
> any nefarious activity. |
| 18 |
> However a reasonable webhost who accepts responsibility for its mistakes and |
| 19 |
> values its customers would probably grant such a request as a gesture of |
| 20 |
> goodwill - unless they were worried about opening the floodgates for every |
| 21 |
> customer to request such treatment, a scenario which would likely leave them |
| 22 |
> unable to comply even if they wanted to. |
| 23 |
> As a side note, although I agree with all the comments about 'never been sure' |
| 24 |
> a system is still clean, did you check whether there was actually any root |
| 25 |
> logins to your server not from your IP since the breach? If I was in your |
| 26 |
> situation and could confirm that no root logins occurred (via ssh, ftp, |
| 27 |
> cpanel, whatever else is running) from other ip's I'd probably rest easy just |
| 28 |
> changing my password. |
| 29 |
|
| 30 |
Wouldn't it be trivial for them to edit the logs though? |
| 31 |
|
| 32 |
- Grant |
| 33 |
-- |
| 34 |
gentoo-user@g.o mailing list |
Archives