On Sat, 22 Sep 2007 07:07:23 Grant wrote: > Hello, > > As I have previously posted about, my host sent me an email a few days > ago stating that support tickets for 5,000-6,000 of their clients had > been broken into. I checked my records and found that my root > password had previously been submitted in a support ticket. I then > decided I needed to reinstall my system. > > I requested that my host allow me access to a second machine for 2-5 > days while I switch over to a clean system, after that I would turn > the old system over to them and continue with the new system. > > My request was denied! I'm blown away by this. Was I asking too much? > > - Grant
You are probably asking more than their terms of service *require* them to provide, especially if they don't believe the leaked information was used for any nefarious activity. However a reasonable webhost who accepts responsibility for its mistakes and values its customers would probably grant such a request as a gesture of goodwill - unless they were worried about opening the floodgates for every customer to request such treatment, a scenario which would likely leave them unable to comply even if they wanted to. As a side note, although I agree with all the comments about 'never been sure' a system is still clean, did you check whether there was actually any root logins to your server not from your IP since the breach? If I was in your situation and could confirm that no root logins occurred (via ssh, ftp, cpanel, whatever else is running) from other ip's I'd probably rest easy just changing my password. - Noven -- >-- Novensiles divi Flamen --< >---- Miles Militis Fons ----< -- [EMAIL PROTECTED] mailing list
