> > As I have previously posted about, my host sent me an email a few days
> > ago stating that support tickets for 5,000-6,000 of their clients had
> > been broken into. I checked my records and found that my root
> > password had previously been submitted in a support ticket. I then
> > decided I needed to reinstall my system.
> >
> > I requested that my host allow me access to a second machine for 2-5
> > days while I switch over to a clean system, after that I would turn
> > the old system over to them and continue with the new system.
> >
> > My request was denied! I'm blown away by this. Was I asking too much?
> >
> > - Grant
>
> You are probably asking more than their terms of service *require* them to
> provide, especially if they don't believe the leaked information was used for
> any nefarious activity.
> However a reasonable webhost who accepts responsibility for its mistakes and
> values its customers would probably grant such a request as a gesture of
> goodwill - unless they were worried about opening the floodgates for every
> customer to request such treatment, a scenario which would likely leave them
> unable to comply even if they wanted to.
> As a side note, although I agree with all the comments about 'never being sure'
> a system is still clean, did you check whether there were actually any root
> logins to your server not from your IP since the breach? If I was in your
> situation and could confirm that no root logins occurred (via ssh, ftp,
> cpanel, whatever else is running) from other IPs I'd probably rest easy just
> changing my password.

Wouldn't it be trivial for them to edit the logs though?

- Grant
--
[EMAIL PROTECTED] mailing list
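
The check suggested in the quoted reply (root logins since the breach from addresses other than your own), sketched for the sshd case only, as an added example that is not part of the original thread. It reads logs kept on the host itself, so, as the reply above asks, a clean result is only as trustworthy as those logs; a copy shipped off the machine before the breach is stronger evidence. The log lines, host name, addresses, year and the function name `foreign_root_logins` are constructed for illustration.

```python
import re
from datetime import datetime

# OpenSSH success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+"
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def foreign_root_logins(lines, known_ips, since, year):
    """Return (timestamp, ip, method) for each accepted root login at or
    after `since` whose source address is not in `known_ips`."""
    hits = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue  # failed attempts and non-root users are out of scope
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts >= since and m["ip"] not in known_ips:
            hits.append((ts, m["ip"], m["method"]))
    return hits

# Constructed sample log (documentation address ranges, hypothetical host).
SAMPLE_LOG = """\
Mar  2 09:14:07 host1 sshd[2101]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Mar  3 03:41:55 host1 sshd[2290]: Failed password for root from 203.0.113.77 port 40110 ssh2
Mar  3 03:42:09 host1 sshd[2290]: Accepted password for root from 203.0.113.77 port 40112 ssh2
Mar  4 18:20:31 host1 sshd[2377]: Accepted publickey for grant from 198.51.100.5 port 51900 ssh2
Feb 20 11:02:44 host1 sshd[1804]: Accepted password for root from 198.51.100.99 port 33871 ssh2
""".splitlines()

if __name__ == "__main__":
    # Assumed values: the owner's address and the breach date are constructed.
    for ts, ip, method in foreign_root_logins(
            SAMPLE_LOG, known_ips={"192.0.2.10"},
            since=datetime(2024, 3, 1), year=2024):
        print(f"{ts}  root login via {method} from unexpected address {ip}")
```
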

