The Boys from Shanghai..?
So are help-desk providers being targeted?
Maybe the rest could, you know, check their logs and stuff?
Website administration firm cPanel has told The Reg that one of its proxy servers was hacked, potentially exposing customers' administrator-level passwords. cPanel discovered that one of its systems, used to handle technical support tickets, was infiltrated nearly a week ago. The biz, which provides tools for managing Unix- …
This post has been deleted by its author
If you have to give a root password to a support company, change it before you give them access then immediately after too, but be sure to use a different one than you had originally before handing control to a stranger.
After their assistance, check the root account's history file to see what they have been doing, if only to help you next time the issue occurs.
Remember, it's not unusual for a root password to be recorded in your history file or a log when logging in remotely and changing user, mistyping or forgetting you just used su!
Oh, where to begin on that one... Let's start with this: any regex that would match your password, and only your password, would give away your password. Next, to detect it at entry time at the command prompt, you'd have to write a shell script or similar to serve AS your shell - parse your command, check it for the verboten word (without exposing what that word is, mind), and then pass the command on to the shell.
Or you could just watch what you type.
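The two comments above make a pair of points: after handing out and rotating a root password, check the history file for the old one; and any checker that embeds the password in plaintext (a regex, a grep argument) is itself a leak. The script below, an added example that is not part of the thread or of cPanel's tooling, reconciles the two by giving the scanner only a salted HMAC of the secret and hashing each candidate string from the history file for comparison. The history file contents, the password value and the heuristics for where a password could hide in a line (a bare line typed after `su`, a `-pSECRET` style option) are constructed assumptions for the demonstration.

```python
"""Scan a shell history file for a secret without putting the secret in the scanner.

The scanner receives only an HMAC-SHA256 of the secret (computed once, e.g. from
`read -s` in an interactive shell), so the script, its arguments and its own
history entry never contain the password itself.
"""
import hashlib
import hmac
import secrets

# Constructed sample ~/.bash_history; the commands and the secret are made up.
SAMPLE_HISTORY = """\
ls -la /var/log
su -
Tr0ub4dor&3
sudo tail -n 50 /var/log/auth.log
mysql -u root -pTr0ub4dor&3 -e 'show databases'
exit
"""


def fingerprint(secret: str, salt: bytes) -> bytes:
    """HMAC-SHA256 of a string under a random salt; the same function is used
    for the real secret and for every candidate pulled out of the history."""
    return hmac.new(salt, secret.encode("utf-8"), hashlib.sha256).digest()


def candidates(line: str):
    """Strings within one history line that could be a mistyped password.

    Heuristic (assumption, not an exhaustive rule): the whole line (password
    typed at the prompt instead of at the `su` password prompt), each
    whitespace-separated token, and each token with a short option prefix or
    a `--key=` prefix removed (`-pSECRET`, `--password=SECRET`).
    """
    stripped = line.strip()
    seen = {stripped}
    for tok in stripped.split():
        seen.add(tok)
        if tok.startswith("--") and "=" in tok:
            seen.add(tok.split("=", 1)[1])
        elif tok.startswith("-") and len(tok) > 2:
            seen.add(tok[2:])
    return seen


def find_leaks(history: str, fp: bytes, salt: bytes):
    """Return the 1-based line numbers whose content contains the secret."""
    hits = []
    for n, line in enumerate(history.splitlines(), start=1):
        for cand in candidates(line):
            # compare_digest avoids a timing side channel on the hash compare
            if cand and hmac.compare_digest(fingerprint(cand, salt), fp):
                hits.append(n)
                break
    return hits


def scrub(history: str, leaks) -> str:
    """Replace leaking lines with a marker so the file stays useful for audit."""
    redact = set(leaks)
    out = []
    for n, line in enumerate(history.splitlines(), start=1):
        out.append("# [redacted: contained a credential]" if n in redact else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    # In real use the fingerprint comes from an interactive prompt, not a literal.
    fp = fingerprint("Tr0ub4dor&3", salt)
    leaks = find_leaks(SAMPLE_HISTORY, fp, salt)
    print("lines containing the secret:", leaks)
    print(scrub(SAMPLE_HISTORY, leaks), end="")
```

On the sample history the scanner flags line 3 (the password typed as a command after `su -`) and line 5 (the `-p` option on the mysql command). Run it after the support engagement and again after rotating the password so the old value can be located and scrubbed; the salt and HMAC, not the password, are what end up on the command line or in a cron job.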
Old news: my hosting company posted this a week ago:
"With most resellers being more technically clued up than a typical end user I thought this topic was best posted in the reseller area, so you have re-assurance and can re-assure your own customers.
Over the last few weeks a nasty "SSH" compromise has been roaming around, with a large number of hosts infected by some serious hacking incidents as a result. Similarly (and currently suspected as linked) cPanel have announced one of the servers in their tech support department, and possibly their helpdesk ticketing system has been compromised, resulting in possibly 6+ months worth of tech support tickets and associated root login information being stolen.
For clarity ZERO UH servers have been affected by the matter, and when using cPanel support we've always rotated passwords out after supplying credentials. Similarly the hosts that have been affected seemed to all have allowed "direct root login" with password, something we've never had enabled on our servers (our support team login with keys and never use root passwords for SSH).
So while you may be reading of a lot of hosting companies having a bad few weeks with all this, your server is clean and will not have been affected thanks to a proper security policy developed over a 14 year period to ensure matters like this cannot spoil our day."
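The announcement singles out one configuration as the common factor on affected hosts: direct root login over SSH with a password, as opposed to key-only access. The following audit, an added example that is not from the thread, the hosting company or cPanel, parses an `sshd_config` the way sshd does (case-insensitive keywords, first occurrence wins, everything after a `Match` line is conditional) and reports whether that pattern is present. The two config texts are constructed; the weak one shows the blamed setting, the hardened one the corrected form. The defaults table assumes OpenSSH 7.0 or later, where `PermitRootLogin` defaults to `prohibit-password`; earlier releases defaulted it to `yes`.

```python
"""Audit the global section of an sshd_config for direct root login with a password."""

# Constructed weak config: root may log in over SSH with a password.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
"""

# Constructed hardened config: root only with a key, no password auth for anyone.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

# sshd defaults when a keyword is absent (assumes OpenSSH 7.0+; older releases
# defaulted PermitRootLogin to yes, so an absent keyword was worse there).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

# Newer OpenSSH names the challenge-response keyword KbdInteractiveAuthentication;
# the two are treated as one setting here.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}


def parse_global(config: str) -> dict:
    """Return the effective keyword -> value map for the global section.

    sshd takes the *first* occurrence of each keyword, ignores case, accepts
    either whitespace or a single '=' between keyword and value, and applies
    anything after the first `Match` line only to matching connections, so the
    parser stops there.
    """
    effective = dict(DEFAULTS)
    seen = set()
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        if key == "match":
            break
        if key in seen or len(parts) < 2:
            continue
        seen.add(key)
        effective[key] = parts[1].strip().lower()
    return effective


def audit(config: str) -> list:
    """List the findings that make the blamed login pattern possible."""
    eff = parse_global(config)
    password_auth = eff["passwordauthentication"] == "yes"
    challenge_auth = eff["challengeresponseauthentication"] == "yes"
    findings = []
    if eff["permitrootlogin"] == "yes" and (password_auth or challenge_auth):
        findings.append("root can log in directly with a password")
    if password_auth:
        findings.append("password authentication enabled for all users")
    if challenge_auth:
        findings.append("challenge-response (keyboard-interactive) auth enabled; "
                        "with PAM this is also a password login path")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit(cfg) or ["no findings"])
```

Feed it the real file with `audit(open("/etc/ssh/sshd_config").read())`; a clean result means root cannot authenticate with a password even if that password is sitting in someone else's ticket system, which is the point the hosting company is making about its own servers. Settings inside `Match` blocks are out of scope for this parser and need a separate look.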