云服务 Linode 也被爆了?

xmonkeycn · 2013年04月13日 · 最后由 huobazi 回复于 2013年04月17日 · 3887 次阅读

刚收到邮件,要求 password reset 了,刚把 evernote 的 reset 了没几天... http://e2.ma/message/c9dae/w0ogix

Security Notice: Linode Manager Password Reset

Dear Linode customer,

Linode administrators have discovered and blocked suspicious activity on the Linode network. This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact. We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed.

We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset. In so doing, we have immediately expired all current passwords. You will be prompted to create a new password the next time that you log into the Linode Manager. We also recommend changing your LISH passwords and, if applicable, regenerating your API key.

The following represent best practices in creating new passwords: Avoid using simple passwords based on dictionary words Never use the same password on multiple sites or services Never click on 'reset password' requests in unsolicited emails - instead go directly to the service We apologize for the inconvenience. If you have any questions, please do not hesitate to contact our support team at [email protected]

改吧,定期修改密码是对的。

服务器一定要定期改密码。

记得信用卡要挂失,招行要 60 大洋

#2 楼 @kgen 这次影响到服务器是的用户和密码了吗?

#4 楼 @huobazi 这次 Lish 密码被爆了,一些人的 Lish 密码和系统帐户密码相同的,这个就倒霉了。 服务器上的帐号密码本身没有被攻破,而且就算是 VPS 商,也没常规办法获得的。

#5 楼 @kgen 哦,明白了,我好想没用过 Lish 登陆过, 密码应该是空的吧 。

#6 楼 @huobazi 应该是随机生成的,空的话岂不是每个人都能登录你的机器 XD 这次 Lish 是泄漏了明文,所以你要自己一台台改。

#7 楼 @kgen

多谢多谢,已改了个自己都没记住的密码,键盘随便拍出来的

Linodes » linodexxxxxx » Remote Access

• Console password changed successfully.
需要 登录 后方可回复, 如果你还没有账号请 注册新账号