Slashdot Mirror


Ask Slashdot: My Host Gave a Stranger Access To My Cloud Server, What Can I Do?

zzzreyes writes "I got an email from my cloud server to reset the admin password, first dismissed it as phishing, but a few emails later I found one from an admin telling me that they had given a person full access to my server and revoked it, but not before 2 domains were moved from my account. I logged into my account to review the activity and found the form the perpetrator had submitted for appointment of new primary contact and it infuriated me, given the grave omissions. I wrote a letter to the company hoping for them to rectify the harm and they offered me half month of hosting, in a sign of good faith. For weeks I've been struggling with this and figure that the best thing to do is to ask my community for advice and help, so my dear slashdotters please share with me if you have any experience with this or know of anyone that has gone through this. What can I do?"

1 of 176 comments (clear)

  1. If you value security and your data by mrsam · · Score: 5, Insightful

    Your provider has de-facto admitted that they messed up. These things happen. The only question is whether they would truly respond in a professional manner. If they do, and they agree to the following, do the following, and move on. Contact them, and request them to:

    * Provision a new virtual host for you.

    * You will copy all your existing data into your new virtual host, using your own copies of whatever you use the host for. You do have your own copies of everything, and you don't trust the host with the entirety of your data, right?

    * For convenience, I think it's ok to copy some data directly from your compromised host, provided that you're comfortable with whatever verification steps you deem are necessary to certify that it hasn't been tampered with. Data, no code.

    * When your migration is complete, your provider will swap in your replacement virtual host in place of the compromised one, which they'll decomission.

    Of course, for the duration of your migration, your host will not charge you for the second virtual host. You might consider negotiation with your host for an additional discount, as compensation for the work you have to do as a result of their security breach. I think that free hosting for however long it takes you to migrate, that is, no charge for the new virtual host, and billing suspended for your compromised host, would be fair. If that's the two weeks they're already willing to give you, then that's that.