On Sat, 22 Sep 2007 08:06:40 Grant wrote:
> > > As I have previously posted about, my host sent me an email a few days
> > > ago stating that support tickets for 5,000-6,000 of their clients had
> > > been broken into.  I checked my records and found that my root
> > > password had previously been submitted in a support ticket.  I then
> > > decided I needed to reinstall my system.
> > >
> > > I requested that my host allow me access to a second machine for 2-5
> > > days while I switch over to a clean system, after that I would turn
> > > the old system over to them and continue with the new system.
> > >
> > > My request was denied!  I'm blown away by this.  Was I asking too much?
> > >
> > > - Grant
> >
> > You are probably asking more than their terms of service *require* them
> > to provide, especially if they don't believe the leaked information was
> > used for any nefarious activity.
> > However a reasonable webhost who accepts responsibility for its mistakes
> > and values its customers would probably grant such a request as a gesture
> > of goodwill - unless they were worried about opening the floodgates for
> > every customer to request such treatment, a scenario which would likely
> > leave them unable to comply even if they wanted to.
> > As a side note, although I agree with all the comments about 'never being
> > sure' a system is still clean, did you check whether there were actually
> > any root logins to your server not from your IP since the breach? If I
> > was in your situation and could confirm that no root logins occurred (via
> > ssh, ftp, cpanel, whatever else is running) from other IPs I'd probably
> > rest easy just changing my password.
>
> Wouldn't it be trivial for them to edit the logs though?
>

Good point, that comes down to how your server is set up. My server logs get 
sent to a dedicated logging host - primarily to aggregate logs from half a 
dozen domains, with the happy side effect of securing logs from webserver 
breaches. My final comment was a presumptive leap based on my own setup and 
is invalidated if your logs are kept on the same host.

- Noven
-- 
>-- Novensiles divi Flamen --<
>---- Miles Militis Fons ----<
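
The root-login check discussed in this thread, as an added example that is not part of either poster's message: it scans OpenSSH syslog lines for accepted root logins from outside a list of trusted networks, on or after a cutoff date. It covers sshd only (not ftp or cpanel), and the sample lines, addresses, cutoff and function name are constructed for illustration; as the reply notes, the result is only meaningful when run against a copy of the logs held on a separate host.

```python
import ipaddress
import re
from datetime import datetime

# OpenSSH success line as written to classic syslog (sshd only in this sketch).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def foreign_root_logins(lines, trusted, since, year):
    """Return (time, method, source) for accepted root logins from outside `trusted`.

    trusted: CIDR strings for the networks you normally log in from
    since:   datetime cutoff; entries before it are skipped
    year:    classic syslog timestamps carry no year, so the caller supplies it
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue  # failed attempts, other users and other daemons
        ts = " ".join(m["ts"].split())  # syslog pads single-digit days
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if when < since:
            continue
        try:
            addr = ipaddress.ip_address(m["src"])
            known = any(addr in net for net in nets)
        except ValueError:
            known = False  # not an IP literal: report it rather than guess
        if not known:
            hits.append((when, m["method"], m["src"]))
    return hits

# Constructed sample lines; hosts, addresses and dates are placeholders.
SAMPLE = [
    "Sep 10 09:00:01 web1 sshd[1901]: Accepted password for root from 198.51.100.23 port 40112 ssh2",
    "Sep 18 21:40:12 web1 sshd[2211]: Accepted password for root from 192.0.2.10 port 51234 ssh2",
    "Sep 19 03:14:07 web1 sshd[2240]: Failed password for root from 203.0.113.77 port 40001 ssh2",
    "Sep 20 03:15:30 web1 sshd[2251]: Accepted password for root from 203.0.113.77 port 40022 ssh2",
    "Sep 20 04:00:00 web1 sshd[2260]: Accepted publickey for deploy from 203.0.113.77 port 40100 ssh2",
]

if __name__ == "__main__":
    cutoff = datetime(2007, 9, 15)  # constructed cutoff, not a date from the thread
    for when, method, src in foreign_root_logins(SAMPLE, ["192.0.2.0/24"], cutoff, 2007):
        print(when.isoformat(), method, src)
```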