Archive for October 31st, 2006

Every webmaster knows about MediaTemple. It seems to be one of the most recognized hosting companies, especially with their site design, which I think is the most cloned layout in the world.

When Mihai and I were looking for a hosting provider, both of us agreed that we needed the best hosting, and we chose an MT dedicated server. All was OK until last week.

Mihai requested a new password for root, and then his computer broke. After he fixed his computer, our server was down.
The reason? The bright-heads from MT set up the “root” password for the “root” account, and they suggested changing the password as soon as possible. But Mihai was able to read the email only after 4 days… and it was too late… we were hacked.

We all agreed that it was a conjuncture issue, but the following question harasses me: why did they set a very, very weak password for the root account and let us secure it? The most professional way was to set a very strong password (30 characters or so, it is the root account, for God's sake!) and let us change it to a simple one…

Later edit:
We have received an email from MediaTemple regarding this post:
Hello *****,

We saw your blog post and wanted to touch on this issue.
1. We agree with you. Setting a root password to “root” is absolutely not acceptable and action has been taken to keep this from ever happening again.
2. In our defense, after reviewing your request to change the root password, it does seem that you wanted the password changed to “root”. You’d be surprised how common this request is.
We apologize for the inconvenience! Thanks for the continued support and business.

Jason McVearry

