Submitting Tickets / Rules

[payne]

Excellent. Great to know that submitting via email doesn't bug you. I was going through the hassle of submitting via HSControl Panel thinking that was your preferred method. Submitting via e-mail is so much easier.

they all go to the same place, just make sure you always have you reseller ID/domains with problems listed and as good of a description of the problem as you can muster up. URLs that are having the issue are also appreciated.

[mresell]

Quote:

Originally posted by Craig_Smith
I'm not sure why, but for some reason everytime I answer a ticket and ask for a users domain name or reseller username they get pissed off.
One guy actually argued with me over 3 replies before giving it up. I don't understand what is so hard about it really.

Can't really be everytime. I definetly provide info, but I hate providing reseller id altho I do, since it can be impossible in some cases to look at a problem. The only reason is that it is a major security problem. I suspect that is true for others too.
Here is an idea. How about giving all resellers a TS number This could be tied into seperate db making tracking easier too. Even w/o db using a seperate id that would remain consistent, but seperate from other id would be more secure. This would not eliminate a need for user names altogether, but cut down greatly and you would know who you are dealing with. Acct numbers may be better to use unless you need to check a login.
Basically you have same problem with credit card processing you don't want numbers with personal info. Obviously the email is the main security hazard. Alot depends on "best practices" for the TS too. If you post securely thru cp this may be cut down, does hsphere send posted cp tickets thru email (other than responder)or does it post to the backend? If secure email gets here that would help. The problem there is people using it. Bottom line is user names flying around insecurely in this era, is asking for serious trouble.

[Craig_Smith]

Hmmm,, well this post was started nearly 3 months ago and it hasn't been an issue as much lately.

Remember we never need your passwords,, (unless its a mail problem) just username. There is no security risk involved.

just providing the username is a risk? heck, I'll give mine freely, it is EASY, "landiserve" go guess that long 9+ char password man! We dont ask for a password, we don't need it, it is a pain in the butt to search as it is, adding this info is the least you can do. If security is that big of a deal, don't make a phone call, send any email, and don't talk out loud, or write anything down. And in the end don't encrypt anything because the governments only allow encryption in the end if they can break it in seconds.

(oh sorry, i got off ranting there!)

[Vixen]

I am lost as to how requesting user names is a security risk. There is no way for us to know who we are dealing with if we do not have a user name from the person, as there are so many resellers. Not to mention our other virtual customers.

[Craig_Smith]

damn,, you are ranting,,LOL. Your starting to sound like an employee,,LOL.

I promise it isn't rubbing off on me. no, it can't be! no!

anyway, I can understand the desire for APOP, but I can't see how that username is sucha big deal, as long as you hve a secure password that isnt the same as the username, or isnt dictionary crackable.

One thing for sure, my ssh login isn't the same as my reselelr ID. Also, if you want, your could remember your account ID, and we can look it up that way, if you feel better doing that, but please let us know it is your account ID, we would be quite confused to see a number as a login that returns no results.

[mresell]

WOW! That was interesting Wasn't trying to say it was a big deal, just why people may be apprehensive.

I have seen hackers become more and more innovative. All security hazards should be eliminated if possible. Also I realize, as stated that it may be necessary. I have become very security concious like all companies have had to.

Good to know about using Acct id tho. I rotate passes and make them complicated, but I donot underestimate a hacker who has only to wack at something enough to use a password. There are billions of people on this planet w/ lostsa of brains and fingers workin overtime. They have alot of time on their hands apparently! Unfortunately, I have seen this happen with cp accts before. Not everybody is good with their passes (i.e. customers could have their acct broken into).You stated customer user id also. If you were using a packet sniffer you could target a decent size host like this and collect usernames then try to crack them. I am sure reseller accts would be a great challenge if the only thing needed was a password even if you use mixed alphanumeric and unusual characters. Now hopefully you guys would notice such a thing, but if a hacker was very patient it is possible. "Best practices" obviously lowers your liability if something were to happen.

Just my thoughts, yes, on an stale thread....

[Brangwyn]

Quote:

dictionary crackable.

With the speed of current CPU's thats almost not enough. I can bruteforce MD5 passwords in a matter of days SHA256 in a couple of weeks using one cpu if I disitrbute it then I can have it done in a lot quicker, virtually a matter of days days with the 9 machines I have here at home.

[mresell]

LOL, we all have our eye on the Kiwi, with a mini server farm in his living room!

[Brangwyn]

It's only a wee home network ............... honest

[naga]

Going back to Craig's post about adding username and other details, I was under the false impresession that by logging on to Control Panel, the reseller's information was attached to the ticket (atleast the userid). Anyway his post clears it.

Thanks

[Craig_Smith]

Naga,

Yes your right. If you submit a ticket through your H-SPhere reseller panel /home/submit new ticket, you will not have to include ANY information unless its an end user problem.

Unfortunately, most people do not submit tickets through their panel.

To complicate things even more, CPanel users will submit tickets via email and not tell us ANy information, which then takes any tech an avaerage of 10 minutes to figure out which plan/server they are even on BEFORE the ticket problem is even addressed.