著名的 Xen VPS 提供商 Linode 通知所有用户更改密码,因为检测到并已经屏蔽了在 Linode 网络上的可疑入侵行为。该入侵似乎是针对某个用户帐户的一次协调攻击。
虽然攻击针对的是某位用户,Linode 也确认了攻击的范围和影响,没有发现其他用户数据泄露的证据,也没有任何帐户的付款信息泄露。但是保险起见,Linode 还是重置了所有用户帐户的密码。系统会要求所有用户在登入 Linode Manager(Linode VPS 管理后台)的时候重新设置密码。Linode 同时建议所有用户更改自己的 LISH 密码,最好连 API key 也一并重新生成。
貌似被入侵的用户已经报警了,不知道是哪位大客户?
下面是 Linode 发出的通知全文:
Linode administrators have discovered and blocked suspicious activity on the Linode network. This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact. We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed.
We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset. In so doing, we have immediately expired all current passwords. You will be prompted to create a new password the next time that you log into the Linode Manager. We also recommend changing your LISH passwords and, if applicable, regenerating your API key.
The following represent best practices in creating new passwords:
- Avoid using simple passwords based on dictionary words
- Never use the same password on multiple sites or services
- Never click on ‘reset password’ requests in unsolicited emails – instead go directly to the service
网络攻击真是多,连我也被牵连了。设置密码是一件非常痛苦的事情。©
本文发表于水景一页。永久链接:<https://cnzhx.net/blog/linode-manager-password-reset/>。转载请保留此信息及相应链接。
呃呃呃…
悲剧…
密码的确难设置
是啊,伤脑筋。这帮可恶的骇客!