Posts

Showing posts from August, 2013

An unflattering commentary on Rackspace cloud server security

I recently needed a new server instance for some testing. Normally I would go back to AWS as I've had problems with Rackspace in the past . Being open minded and assuming things have changed in the last couple years I thought I'd go back and try out Rackspace cloud for my testing (for reasons I will not name here). My first and most shocking revelation is that they have NOT fixed a key security problem. I'm going to outline this right now and hopefully somebody can fix it Problem #1: Login as root via ssh Guys...guys...guys(or gals)... It is baffling to me that you still allow this. Yes I get that you have a wonderful "Blacklist the my server ip when something goes wrong" and "then disable access to my console to fix" routine going on to protect your network if MY machine gets compromised due to your silly lackadaisical security. Wait, that's actually a negative thing too :) please stop, I'm not going to use you as a provider un...