Thread: Rant about my host service
View Single Post
    #7 (permalink)  
Old 05-27-2008
jeannedb's Avatar
jeannedb jeannedb is offline
Junior Member
Company name: NowAssistingYou.com
  
Join Date: Aug 2007
Location: Michigan
Posts: 254
Send a message via AIM to jeannedb Send a message via MSN to jeannedb
Default Re: Rant about my host service
Quote:
They are having possible security breaches? So why are you still with them?
If we're all talking about the same company, from the email I received, it doesn't really sound like a current security breach but instead an attempt to thwart possible breaches.

I've had a reseller and regular account with this company for several years and have had no problems with them and would have avoided confusion this morning if I read their email that came while I was out of town over the holiday.

This is the email I received with host name removed:
Quote:
Dear Jeanne Bolewitz,

We've recently done an audit of xxx's web hosting services and have found that many
of our customers have never changed their password since the inception of their accounts.

In an attempt to secure your hosting further we are updating our authentication
information for customers who have not recently changed their passwords with randomly
generated secure strings that meet our guidelines.

In order to obtain your new password please click the following link:

For ( xxx ) on ( xxx.com )

https://secure.xxx.com/password_reset/

You will need to fill in the email address, cpanel username, and the original cpanel
password to obtain your new password. If you are not sure of the original cpanel password,
or if you do not feel comfortable filling out the form, please contact us through live
chat.


How do you know this is from xxx?

1. We put your name in the email.
2. We have posted details regarding this change on our official xxx forums:
http://forums.xxx.com/showthread.php?t=xxxxxx
3. Mouse over the url and it is in fact https://secure.xxx.com
4. Try logging into your account and you will notice the password has been changed.


Why are we doing this now?

I myself understand what a huge inconvenience this is and I am extremely sorry for any
trouble it has caused. Here are my thoughts on why we are doing this huge security
update....

1. xxx has been in business since 2002 without ever requiring a password change.
That means it has been six years for many of our customers without ever changing a
password!

2. Things are a little different now then when I started xxx in my dorm room in
2002. Security is now a major aspect of running a web based business and regular password
changes is a step in the right direction to keep your accounts safe.

3. We are about to launch our new billing system. The new billing system we are close to
launching will never display the full password to anyone including myself!

*Please do not change your password back to what it was. We are trying to make sure we
are 100% secure as we migrate to our new billing system. I'm extremely sorry for this
inconvenience and thank you for understanding.
**This does not affect any resold account passwords or email passwords, only the
cpanel/ftp password was modified.

Sincerely,

xxx owner's full name
If when the company first started, employees did have access to account passwords and those employees are no longer employed there, then that is a security risk for those who have never changed their password. I did spend this morning using an online random password generator to change the passwords of all my accounts. And while I'm at it, I think I will use this time as a reminder to do the same for all of my banking/credit card accounts and then my online email accounts.

It's a pain, but it's something that should be done occasionally and today is as good a day as any.
__________________
Jeanne
NowAssistingYou.com
Virtual Assistant :: Web/Blog Design & Hosting :: Writer
Reply With Quote