07/14/2003 Cpanel2.nocspeed.com READ IMMEDIATELY

Due to the recent security issues all ssh access has been suspended. Also ALL accounts must change their passwords for ftp, mysql and control panel. Note the changing the password in the control panel also changes it for ftp.

You have 48 hours to change your passwords. Any user account that has not changed password at that time will have their password changed for them.

Examples of good passwords would be sKp19Dv25

We are going to re-evaluate our previos stance on ssh as it appears that a number of resellers were giving ssh access to all accounts. It is probable that ssh access will be removed from this machine.

[Hostlead]

misread

remove this post if possible

HL

Hostlead, we offer 2 control panels: Hsphere and cpanel. This is for our cpanel customers on the server cpanel2.nocspeed.com and has no effect on you or the other Hsphere customers.

[Brangwyn]

Like it or not, it is to your advantage to comply with their request. If any passwords have been compromised which is probably unlikely, though I don't know the full story on what happened but it sounds more precautionary to me, anyway if they have and it's your password used to enter the system becuase you couldn't be bothered changing it, and it's used to cause further "damage" then lets just say I wouldn't like to be you !.

Personally if it was me I wouldn't have given even 48 hours notice, I'd have changed all control panel and ftp passwords immediately.

Edit: Seems it doesn't effect you anyway!

Even though this doesn't affect our H-Sphere clients I would recommend that everyone examine their passwords. We've been looking at some of the user passwords on our servers and there are people actually using "password" as their password.

Take some time and make yourself a strong password, replace some of the letters with numbers like replace a "i" with a one and capitalize a letter in the middle. You can take a weak password like "password" and make it "P@22W0rD" which will take weeks to guess. If you don’t like that find a pattern on the keyboard you like, if your first initial is "M" then "cderfgyhn" would make the shape of an "M" on the keyboard. Next month you can use "iopol.,./" for the letter "I".

Most of you already know this but I'm just repeating it for the newer people who may think passwords don't need to be strong if you're not working with state secrets. WRONG, make sure you have a strong password, if someone has your password they can carry out actions on the server just like you, in fact we will treat it just as if you did it so you would be responsible for their actions.

Bottom line, if your password exists in any sort of list somewhere, be it dictionary, fictional book or high school year book you are at risk. There is no fee to change a password and it only takes 10 seconds.

I will now step down from my soapbox.

[Brangwyn]

Actually I'd be more concerned that you can actually examine the passwords, this implies clear text storing of them somewhere and is probably a bigger risk than just weak user passwords.

Brangwyn, that isn't the case.