Linode access has been restored, with a security reminder: log in and change your password as soon as possible

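Linode has been under DDoS attack since the 2015 Christmas period, and the attacks have now gone on for more than 10 days. On January 7, access to the Linode website from mainland China was largely back to normal. On the 6th, Lao Geng posted the news that a password change is required when logging in to the Linode manager. Below is the original text from the official site; the gist is that the recent problems may have been caused by a security compromise of accounts, and the security of our user accounts may also be at risk, so we need to set a new account password when we log in to our Linode accounts.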

Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution.

A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.

This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com. The affected customers were notified immediately. We have found no other evidence of access to Linode infrastructure, including host machines and virtual machine data.

The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings.

You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.

The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us. While we feel victimized ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service. You can help further enhance the security of your account by always using strong passwords, enabling two-factor authentication, and never using the same password at multiple services.

We sincerely apologize for the recent disruptions in your Linode service. Thank you for your patience, understanding and ongoing trust in Linode.

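So, once again, a reminder to everyone with a Linode account: log in and change your password right away, so that your real information is not misused! This incident also shows that even a quality hosting provider has to be prepared to defend against all kinds of attacks and intrusions; had this happened at an ordinary small hosting provider, the odds of it shutting down and disappearing would probably have been high. Linode has been publishing the latest news on this matter at irregular intervals every day, and it has to be said that a quality provider's service is good as well!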
