Date:  Thu, 30 Jul 2009 09:43:10 -0500
From:  Chris Gebhardt - VIRTBIZ Internet <cobaltfacts (at mark) virtbiz.com>
Subject:  [coba-e:15852] Re: [LIKELY_SPAM]Root exploit on Blue Quartz
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4A71B17E.7090505 (at mark) virtbiz.com>
In-Reply-To:  <662D282894D744BB94D0A6B9655C041A@HP9925NR>
References:  <E776AF61EE604DC3BC41E9AB2D91AAA2 (at mark) HP9925NR> <200907300403.10254.bq (at mark) solarspeed.net> <00f101ca10c1$5b83fe70$6401a8c0 (at mark) HPPAVILION> <4A713F25.7000801 (at mark) monostar.net> <F8C0A438-9892-4429-BC33-1881AE8444E7 (at mark) scargo.nl> <662D282894D744BB94D0A6B9655C041A (at mark) HP9925NR>
X-Mail-Count: 15852

Darrell D. Mobley wrote:
>> -----Original Message-----
>> From: Taco Scargo [mailto:taco (at mark) scargo.nl]
>> Are you 100% confident you are the only one that knows the password ?
>> Never requested help from someone ?
> 
> The only other people who knew the password was the support guys at my web
> host.  I trust them.  I suspect my old laptop, which got infected with a
> rootkit a short while back, may be the culprit.
> 
> It was interesting, they created the user, logged onto SSH, sat there and
> didn't run one command, then deleted the user in the GUI.
> 
> I wonder if I should put SSH on another port?

Darrell
I'd like to think we're pretty trustworthy in this regard!!!  ;)

I see from your ticket last night that we helped you to lock SSH to your 
IP and our internal POPs.   That's usually a better solution than just 
changing the port.   I couldn't think of a reason to recommend against 
it, but it would seem redundant at this point.

Plus, I certainly would not think of changing the SSH port as an honest 
security measure.   After all... security by obscurity is no security at 
all!

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ