
Also, is this customer service portal available via a public URL? Shouldn't some sort of VPN access be required to even get on the network hosting these things?



Can additionally restrict by IP. That is also the way Verisign protects the registry system that registrars use (as well as two-factor authentication).


It is public yes, this is it: http://manager.linode.com/


I think there is some confusion here. That's the link to the customer portal, which needs to be pretty public.

I have no idea how Linode's support team access accounts, but I would hope it is less public.


The title of their blog post is: "Linode Manager Security Incident" and that's exactly the name of the customer website where you can manage your instance, billing, etc.

I think someone found a way to gain access to any Linode customer account through the customer website and from there shut down the instance, changed root password and rebooted (you can do that from there).


I think it's just poorly worded - from the OP and what I've read elsewhere someone accessed the portal used for customer service employees that has access to options/all hosts.


In any event, it's not very clear, which adds to my confusion/worries as a Linode customer.


Yes the notes in the original pastebin post kind of indicated it was an issue with a "customer support" control panel, maybe it's just another method or area using the Linode Manager.

I just wish they posted a little more, it feels vague.



