  #26  
Old 05-24-2008, 10:50 AM
ShelbyGuy ShelbyGuy is offline
Baby Croc
 
Join Date: Sep 2005
Location: Sunny Phoenix
Posts: 73
Default Re: Forced password update!

Quote:
Originally Posted by lxndr View Post
And how "secure" is it when Live Support give out your new pass without even checking who you are ... clearly some people are easily pleased.
Management should address that issue if that happened.

When I tried to get my password on chat I was directed to CALL support, who in turn verified some personal information before releasing a password that I could then change in cpanel. My experience was pleasant and very secure, and I was paying close attention to what was going on and the questions asked. Everything happened the way it should have.

Kudos to Michael M. and Nicole M. You score a 10!
__________________
Brad Penrod
Website Designer

Learn or teach something new each day, or what's the point?

Last edited by ShelbyGuy; 05-24-2008 at 04:57 PM.
  #27  
Old 05-24-2008, 10:56 AM
lxndr lxndr is offline
Hatchling Croc
 
Join Date: Jul 2007
Posts: 10
Default Re: Forced password update!

Quote:
Originally Posted by ShelbyGuy View Post
Management should address that issue. I tried to get my password on chat and was directed to CALL support, who in turn verified some personal information before releasing a password that I could then change in cpanel. My experience was pleasant and very secure, and I was paying close attention to what was going on and the questions asked. Everything happened the way it should have.
If everything had happened the way it should have then our account details would not have been compromised in the first place, our passes would not have been changed without contacting us first, the email sent out would have given us the option to make a decision rather than a fait accompli, my new pass would not have been given out without confirmation I was the account owner, and the current process to change one's password would not be producing nonsense error messages. Anyway, glad you are so delighted with the process ...

...

Last edited by lxndr; 05-24-2008 at 11:25 AM.
  #28  
Old 05-24-2008, 11:09 AM
BrianH BrianH is offline
Junior Croc
 
Join Date: May 2006
Posts: 112
Default Re: Forced password update!

Okay, I changed my cpanel password, but I'm confused as to whether I am also supposed to change my password on the modernbill system - my old pw is still working. I'd appreciate some clarification on this. Thanks.
  #29  
Old 05-24-2008, 11:20 AM
rmcewan rmcewan is offline
Hatchling Croc
 
Join Date: Apr 2005
Posts: 6
Default Re: Forced password update!

Quote:
Originally Posted by ShelbyGuy View Post
Management should address that issue if that happened.

When I tried to get my password on chat I was directed to CALL support, who in turn verified some personal information before releasing a password that I could then change in cpanel. My experience was pleasant and very secure, and I was paying close attention to what was going on and the questions asked. Everything happened the way it should have.

Kudos to Michael M. and Nichole M. You score a 10!
Quit the fanboy act. In 25 years of information management, I've never seen anything as botched as this from a communication standpoint.

A company with 150+ employees, 20,000 resellers and a MILLION hosted domains should have an attorney on permanent staff and probably a PR person who together could form a communications plan that drives customers to action, without raising fears.


I apologize for this being edited. The staff member who did this has been dealt with.

Last edited by GatorBrent; 05-29-2008 at 07:30 PM.
  #30  
Old 05-24-2008, 11:25 AM
Kitsune Kitsune is offline
Hatchling Croc
 
Join Date: Jan 2008
Posts: 9
Default Re: Forced password update!

Quote:
Originally Posted by GatorBrent View Post
It only applies to customers who have never changed their password since joining. We estimate the script will be done running in about 14 hours time. If you are concerned about waiting you can login to your cpanel and change it on your own to a password you feel is secure.
Where did this script start? I'm at 151 and usually at the beginning of any list, and my password still works. Is this script only targeting unsecure passwords, or is it targeting all passwords? And what good is it if someone joined 3 years ago, changed their password a month after, and haven't changed it again? These half fixes are not that great - you guys should be changing ALL passwords if the intrusions are as severe as you say, not just some and ignore others.
  #31  
Old 05-24-2008, 11:51 AM
ShelbyGuy ShelbyGuy is offline
Baby Croc
 
Join Date: Sep 2005
Location: Sunny Phoenix
Posts: 73
Default Re: Forced password update!

Quote:
Originally Posted by rmcewan View Post
Quit the fanboy act. In 25 years of information management, I've never seen anything as botched as this from a communication standpoint.

A company with 150+ employees, 20,000 resellers and a MILLION hosted domains should have an attorney on permanent staff and probably a PR person who together could form a communications plan that drives customers to action, without raising fears [nonproductive attacks on HostGator removed]
If you are so dissatisfied why do you hang around? Many long-time users are very happy here. I have been with some HUGE hosting companies that cannot hold a candle to HostGator! I have been hosting sites since 1997 and HG is the best yet! Fanboy? Yes, I guess I am.
__________________
Brad Penrod
Website Designer

Learn or teach something new each day, or what's the point?
  #32  
Old 05-24-2008, 12:09 PM
Kitsune Kitsune is offline
Hatchling Croc
 
Join Date: Jan 2008
Posts: 9
Default Re: Forced password update!

I just saw the other dark corner of this: my poor forum now is down while I try and remember where my password is stored........
  #33  
Old 05-24-2008, 12:10 PM
tedsimages tedsimages is offline
Hatchling Croc
 
Join Date: Jul 2006
Posts: 14
Default Re: Forced password update!

Yes, I understand the rationale and necessity behind this move. The urgency, and particularly the timing over a holiday weekend, suggests that the security threat is more dire and immediate than Brent is letting on. Although I was startled and upset to see the e-mail this morning, I had no problem retrieving the assigned password and then using it to log in and change it to something I can remember, without the need for live human support. It was a minimal inconvenience for me, and a pleasant surprise because emergency changes like this are prone to glitches.

But I suspect that many people won't have as easy a time as I did. I can only hope that Brent at least prepared for the deluge of emergency technical support by placing a full staff on overtime to provide the necessary support for the inevitable glitches. If he didn't, then he deserves to lose a lot of business. As Brent says in his post, this situation seems to be the result of a long-term failure to plan adequately for security. Failure to plan inevitably leads to crises that cost a lot of money and create lots of unnecessary anguish for employees as well as customers. That's exactly what we now have. We'll have to see how the costs and anguish fall out.

I work in a large bureaucracy in which failure to plan constantly creates crises. So this is a familiar situation. The lesson that should be learned (and I hope Brent has learned it) is that it's better to plan up front and avoid crises than to react to crises. Unfortunately, my organization has learned the opposite lesson and now prides itself on its ability to react ever more rapidly and furiously to crises. That's not the way to do business.
__________________
Visit my Virtual Light Table
www.tedsimages.com
  #34  
Old 05-24-2008, 01:08 PM
mvandemar mvandemar is offline
Hatchling Croc
 
Join Date: Mar 2008
Posts: 12
Default Re: Forced password update!

Three quick questions. First, it seems to me that you guys have left yourselves open to another breach, in light of the way this was described:

Quote:
Originally Posted by GatorBrent View Post
We hope this step-by-step list makes your part of the change as simple as possible.

1. Visit https://secure.hostgator.com/password_reset/

2. If this is successful the page will display your new password to login to your ftp / cpanel. Please make sure to enter the email address and password you originally signed up with. If you can't remember this password you can find it in your welcome email you received upon joining.
If someone did make off with our passwords, they would be useless as just a list of passwords, obviously. Would not that same person also be able to simply go to that link and retrieve the new ones as well, since they would most likely also have the rest of the info with the passwords, if they are being displayed on the page instead of being emailed out...?

Secondly, when I do go there and enter in my information it shows me a new password, but that password does not work for my cPanel login. I understand that means that I am still in the queue to be processed. My question is, since I am in the queue, will it just change it to the new password again, even though I just changed it manually in cPanel?

Lastly, you still haven't answered (in this thread, anyways) whether or not this affects our billing passwords, and whether or not they have been, or there is a chance they were, compromised.

Thank you.

-Michael

Last edited by mvandemar; 05-24-2008 at 01:11 PM. Reason: cause I can't spell
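The first question in post #34, as an added example that is not part of the original thread and not HostGator's code: a reset page that accepts the signup email and password and displays the new password, next to a reset that mails a single-use token to the registered address. `ResetService`, the sample account and the 15-minute token lifetime are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime for a mailed reset token


def _kdf(password, salt):
    # Slow salted hash so the service never stores a readable password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ResetService:
    """Hypothetical account service with two ways to recover from a forced reset."""

    def __init__(self):
        self.accounts = {}  # email -> {"salt", "signup", "current"}
        self.tokens = {}    # sha256(token) -> (email, expiry time)
        self.outbox = []    # (email, token); stands in for mail to the owner

    def enroll(self, email, signup_password):
        salt = secrets.token_bytes(16)
        digest = _kdf(signup_password, salt)
        self.accounts[email] = {"salt": salt, "signup": digest, "current": digest}

    def login(self, email, password):
        acct = self.accounts.get(email)
        return acct is not None and hmac.compare_digest(
            acct["current"], _kdf(password, acct["salt"]))

    def _set_password(self, email, password):
        acct = self.accounts[email]
        acct["current"] = _kdf(password, acct["salt"])

    def reset_in_band(self, email, signup_password):
        """Flow questioned in the post: the signup pair unlocks the new password."""
        acct = self.accounts.get(email)
        if acct is None or not hmac.compare_digest(
                acct["signup"], _kdf(signup_password, acct["salt"])):
            return None
        new_password = secrets.token_urlsafe(12)
        self._set_password(email, new_password)
        return new_password  # rendered on the page for whoever sent the form

    def request_reset(self, email):
        """Alternative: mail a random single-use token; nothing is shown on the page."""
        if email in self.accounts:
            token = secrets.token_urlsafe(32)
            key = hashlib.sha256(token.encode()).digest()
            self.tokens[key] = (email, time.time() + TOKEN_TTL)
            self.outbox.append((email, token))

    def redeem(self, token, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self.tokens.pop(key, None)  # pop: a token works at most once
        if entry is None or now > entry[1]:
            return False
        self._set_password(entry[0], new_password)
        return True


def compare_flows():
    # Constructed sample pair standing in for an exposed signup record.
    email, old_pw = "owner@example.test", "welcome-mail-pw"

    a = ResetService()
    a.enroll(email, old_pw)
    shown = a.reset_in_band(email, old_pw)  # caller knows only the exposed pair
    in_band = shown is not None and a.login(email, shown)

    b = ResetService()
    b.enroll(email, old_pw)
    b.request_reset(email)
    guess = b.redeem(secrets.token_urlsafe(32), "not-the-owner")  # no mailbox access
    token = b.outbox[0][1]                                        # owner reads mail
    owner = b.redeem(token, "owner-chosen-passphrase")
    replay = b.redeem(token, "second-use")
    return {"exposed_pair_gets_new_password": in_band,
            "random_token_accepted": guess,
            "owner_reset_ok": owner,
            "token_replay_accepted": replay}


if __name__ == "__main__":
    print(compare_flows())
```

The token flow moves the trust to the registered mailbox, so it helps only when the exposed data is the signup password and not the mail account itself.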
  #35  
Old 05-24-2008, 01:10 PM
maxthompson maxthompson is offline
Hatchling Croc
 
Join Date: May 2008
Posts: 1
Thumbs down Re: Forced password update!

nfo: Welcome to HostGator Live Chat! You are now chatting with 'Cody S'
Cody S: Welcome to HostGator, how may I assist you?
max: What the Heck - no one has any business changing my passwords. If you have not changed over to modern bill yet - then what good would it do anyway? This is foolish - you have emailed me and told me you don't trust your employees with my password - that makes no sense - even if you don't have my password - you are domain admins - and can access anything - I'm an IT veteran for over 30 years - this is the silliest move I've ever seen. And now what
Cody S: I apologize for the trouble. There is a forum post regarding this here: http://forums.hostgator.com/showthread.php?t=33170
max: don't need a forum and don't put me off on that - I'm a customer not a forum reader -please.
max: has modern bill been replaced yet?
Cody S: No it has not been replaced yet.
max: then what good is changing my password then?
max: r u there?
max: 12:03
Cody S: For those questions I would refer to the forum post from the owner of our company.
max: gIVE ME HIS EMAIL - i DON'T DO FORUMS. oTHERWISE i'LL START MIGRATING.
max: AND WHAT IS MY PASSWORD - I CAN'T GET IN?
max: 12:06
Cody S: You can email sales@hostgator.com with attention Brent in the subject line.
max: What is my password???
Cody S: What is your primary domain name?
max: buck55
max: .com
max: 12:07
Cody S: One moment please.
Cody S: What is the last 4 digits of your credit card number on file?
max: I don't know
Cody S: We would have to verify that to give you the password.
max: This is the biggest joke I've ever seen - it demonstrates they real company Gatorhost is - I'm blown away - and to think I trusted y'all. How can I log in to see which credit card you have - I have about 10????
Cody S: You can login at https://secure.hostgator.com/billing
max: What security breach did y'all experience?
max: If you had one - you are legally bound to inform your customers.
Cody S: We did not have any security breach.
Cody S: The reasons it was done are explained in the forum post.
max: I don't believe that - your company would not just all the sudden do this - I read the email brent sent - it has no logic. First it says my password is not strong enough (Even Google says it's Very Strong) then the email ends up admitting past employees have access and that the billing system you have not even replaced compromises security. There is a fishy smell to all this -
max: "We've recently done an audit of HostGator's web hosting services and have found that many of our customers have a weak password."
max: "During a six year period we've had a lot of employees that have come and gone! Do you feel secure knowing that they have once had access to your password? I know I don't! Thus the reason we are forcing you to update!"
max: "We are about to launch our new billing system. The current system we use (modernbill) displays your password for every employee in the company to view. We have reached the size that no matter how trustworthy our employees are it's only a matter of time before we hire the wrong person that's going to attempt to do something evil."
max: The last word "evil" is what bothers me the most - this letter from Brent identifies You and all employees as potential "EVIL" - this is so not business like and I've never heard a company - this is scary stuff - sounds like Brent is up against something...
max: I suggest Brent get a lawyer before he sends out a letter like this and allow the lawyer to clean it up - I hope you are not the "EVIL" person that Brent wrongly hired - you can see my password and you might be the employee Brent hired and per his letter - "the wrong person that's going to attempt to do something evil."
max: What a flippin joke this
max: is
max: 12:24
Cody S: I apologize for the trouble you have had. I am only here for basic support and have no control over this.
max: Got it - sounds like you need to look for a new job Cody - Brent may not trust you - I'd hate to work for someone that did not trust me!!!!!!!!!!! Good Luck. Please let Brent know - since I don't do forums - he is welcome to contact me - you have my account info therefore you have my email address. I have no intention of sending a generic message to sales@... to Brent. I will be looking at my options. Thanks, Max max@picassomax.com
max: 12:27
Cody S: Ok I will pass along your comments.
  #36  
Old 05-24-2008, 01:26 PM
Lokheed Lokheed is offline
Hatchling Croc
 
Join Date: May 2008
Posts: 2
Default Re: Forced password update!

Max is extreme and over the top, but I do see the logic in his first statement. If the client billing system has not been replaced, why change the passwords now?

When you move to the new system, they are not guaranteed to be secure. Your company should have moved to the new system and THEN changed everyone's passwords. That would make sure no one has had a chance to jot down any openly viewable passwords...

Does this not make sense? Or am I missing something? I appreciate Gator for making things more secure and realize what an undertaking this must be.
  #37  
Old 05-24-2008, 01:31 PM
kitfanc kitfanc is offline
Hatchling Croc
 
Join Date: Oct 2007
Posts: 17
Default Re: Forced password update!

Quote:
Originally Posted by GatorBrent View Post
The email you have received from hostgator with information regarding the forced password update is in fact real.

Yeah??? Then it would have been nice if the email that came to my registered email address would have had MY name on it instead of this:

>Dear Michael Paycher,
>
>We've recently done an audit of HostGator's web hosting services and have found that many of our customers have a weak password.
>
>In an attempt to secure your hosting further we have changed all of our customers' passwords to a randomly generated password that meets our guidelines..."

ETC.

My name is NOT Michael. You guys scared the crap outta me.

Last edited by kitfanc; 05-24-2008 at 01:34 PM.
  #38  
Old 05-24-2008, 01:38 PM
RainbowViper RainbowViper is offline
King Croc
 
Join Date: Mar 2008
Location: St Paul MN
Posts: 813
Default Re: Forced password update!

Max, were the last 4 emoticons added by you, or by the Tech? If the Tech did that, I suspect Brent will "rip him a new one", if you get my drift.

That said... I would far rather a company admit its mistakes, warts and all, than to not do so.

Could this have been handled better? Yes.

Did HG, and Brent specifically, have the luxury of hindsight when he made the decision to do so? No.

"Monday-Morning Quarterbacks" (to borrow an old phrase) blow a lot of smoke out their ass but, in the end, accomplish nothing.

And in case anyone thinks I'm being a "fanboy"?

I suspect there's an employee or several at HG, including a high-level Admin, whose personal customer notes on me include the word "prick" somewhere in them. And yet, they continue to help me. Just so you know.

RV
  #39  
Old 05-24-2008, 01:52 PM
quietFinn quietFinn is offline
Emperor Croc
 
Join Date: Feb 2005
Posts: 2,764
Default Re: Forced password update!

Quote:
Originally Posted by maxthompson View Post
nfo: Welcome to HostGator Live Chat! You are now chatting with 'Cody S'
Cody S: Welcome to HostGator, how may I assist you?
max: What the Heck - no one has any business changing my passwords. If you have not changed over to modern bill yet - then what good would it do anyway? This is foolish - you have emailed me and told me you don't trust your employees with my password - that makes no sense - even if you don't have my password - you are domain admins - and can access anything - I'm an IT veteran for over 30 years - this is the silliest move I've ever seen. And now what
...
...
...
Cody S: I apologize for the trouble you have had. I am only here for basic support and have no control over this.
max: Got it - sounds like you need to look for a new job Cody - Brent may not trust you - I'd hate to work for someone that did not trust me!!!!!!!!!!! Good Luck. Please let Brent know - since I don't do forums - he is welcome to contact me - you have my account info therefore you have my email address. I have no intention of sending a generic message to sales@... to Brent. I will be looking at my options. Thanks, Max max@picassomax.com
max: 12:27
Cody S: Ok I will pass along your comments.

It is very amazing how desperate need some people have to make themselves a fool

This guy "doesn't do forums" but he had to post this...
__________________
quietFinn - netFinn Finland
"Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr. Seuss
  #40  
Old 05-24-2008, 02:01 PM
thrilleraus thrilleraus is offline
Hatchling Croc
 
Join Date: May 2008
Posts: 1
Default Re: Forced password update!

well this crisis can happen to anyone. (: It is better that we cooperate with hostgator.

My whm password is changed and reset now.. by hostgator...(:

i have been with hostgator for 5 years now...in fact right now i have a vps and my own windows dedicated server with softlayer, but we are not in hosting so most of our tech support is handled by touch-support, usa.

but still i am here and enjoying my reseller pack with hostgator...hhha

i am an indian and i am doing my IT business in india. Here in india there are some channels where you can't trust the employees.

in fact there are lots of BPO companies here in india where i have seen lots of ex-employees selling the list of valuable customers to third parties, and i saw this on one news channel in india, it was during a sting operation.

Most of the bpo companies here in india nowadays are putting detectives behind the employees; these detective agencies are also putting their staff inside the organization just to watch each and every existing employee, like what they are doing etc... (: but this will be very difficult for brent...
it's all difficult to manage remote employees...

i think if the user is alert and knows its responsibility to change its whm or cpanel password on a monthly or weekly basis then that will save the time and tensions.

it's better to provide cooperation rather than thinking about negative things blah blah


this kind of situation is common for every big organization....but the only thing is the security mechanism, which hostgator should work on when they are selecting the correct employee..


it's good to save money by selecting remote employees, but if the work is flowing outside the network that is also part of the risk.......

hostgator, i think, should at least think about this...

"outsourcing and its security"


so better is all customers should be calm...if the password is changed then contact support, they will fix it quick, in not more than 4 mins...thats all..
  #41  
Old 05-24-2008, 02:01 PM
gwyneth gwyneth is offline
Veteran Croc
 
Join Date: Sep 2006
Location: Apostle Islands, Lk Superior
Posts: 5,926
Default Re: Forced password update!

Quote:
Originally Posted by RainbowViper View Post
Max, were the last 4 emoticons added by you, or by the Tech?
I could be wrong but I didn't think livechat, here or anywhere, has emoticons...in fact, the idea makes me shudder.

And obviously the person calling you "fanboy" doesn't appreciate the midwest ethos.
  #42  
Old 05-24-2008, 02:06 PM
RainbowViper RainbowViper is offline
King Croc
 
Join Date: Mar 2008
Location: St Paul MN
Posts: 813
Default Re: Forced password update!

No one called me a fanboy (not yet anyway, lol), I was just trying to head off anyone thinking I was blindly jumping on HG's wagon.

Thanks, gwyneth.

RV
(P.S. I'm envious of where you live, if your "location" is true. :P)
  #43  
Old 05-24-2008, 02:14 PM
ShelbyGuy ShelbyGuy is offline
Baby Croc
 
Join Date: Sep 2005
Location: Sunny Phoenix
Posts: 73
Default Re: Forced password update!

Quote:
Originally Posted by quietFinn View Post
It is very amazing how desperate need some people have to make themselves a fool

This guy "doesn't do forums" but he had to post this...
You must admit though, this is some of the best reading in the forum right now.
Some people just are not happy unless they can make someone else look bad. I have had the pleasure of dealing with Cody and never had an issue. No, live chat does not have emoticons; that was an obvious attempt to make Cody the bad guy. Way to go Max Not!
__________________
Brad Penrod
Website Designer

Learn or teach something new each day, or what's the point?
  #44  
Old 05-24-2008, 02:15 PM
bodypainter bodypainter is offline
Hatchling Croc
 
Join Date: Nov 2004
Location: Sarasota, FL
Posts: 37
Default Re: Forced password update!

What is the criteria for an acceptable password as defined by CPanel? All of the ones I want to use (and which are acceptable where I work, for my online banks, etc) are being rejected.

This is my 4th request for this information.
__________________
Many is the word that only leaves you guessing. I live for my dreams and a pocket full of gold.
  #45  
Old 05-24-2008, 02:18 PM
ShelbyGuy ShelbyGuy is offline
Baby Croc
 
Join Date: Sep 2005
Location: Sunny Phoenix
Posts: 73
Default Re: Forced password update!

Quote:
Originally Posted by bodypainter View Post
What is the criteria for an acceptable password as defined by CPanel? All of the ones I want to use (and which are acceptable where I work, for my online banks, etc) are being rejected.

This is my 4th request for this information.
Upper and lowercase letters with numbers and special characters; there can be no words in the string. The first character may have to be uppercase. Most likely the string needs to be at least 8 characters long.

I use this program to create my passwords at 72 bit strength: http://sourceforge.net/projects/pwgen/
__________________
Brad Penrod
Website Designer

Learn or teach something new each day, or what's the point?

Last edited by ShelbyGuy; 05-24-2008 at 02:22 PM.
  #46  
Old 05-24-2008, 02:22 PM
jacalart jacalart is offline
Hatchling Croc
 
Join Date: May 2008
Posts: 1
Default Re: Forced password update!

Informing us and making this an option is one thing. Forcing it on us all of a sudden so we are locked out until we do this is another. I've changed my password so I am back in, but I want to go on record and say I believe this to be an invasion of my account privacy. How do you know what my password is anyway?! Isn't it encrypted?
  #47  
Old 05-24-2008, 02:25 PM
Gorkfu Gorkfu is offline
Baby Croc
 
Join Date: Oct 2007
Posts: 72
Default Re: Forced password update!

Quote:
Originally Posted by BrianH View Post
Okay, I changed my cpanel password, but I'm confused as to whether I am also supposed to change my password on the modernbill system - my old pw is still working. I'd appreciate some clarification on this. Thanks.
It looks like you gotta manually change that. Although that would be pointless at this time if the new system is not in yet.
__________________
The RSWR Network - RSWR Blog
  #48  
Old 05-24-2008, 02:25 PM
GvilleRick GvilleRick is offline
Emperor Croc
 
Join Date: Jan 2007
Location: Greenville, SC
Posts: 2,578
Default Re: Forced password update!

The passwords on the accounts are encrypted, the passwords listed in the current Billing System, Modernbill, are not.
  #49  
Old 05-24-2008, 02:27 PM
Bobby Watson Bobby Watson is offline
Hatchling Croc
 
Join Date: May 2008
Posts: 3
Default Re: Forced password update!

I'm new around these parts but can't say I'm impressed with this move. Hindsight suggests a "change your password within the week or we'll do it for you" approach would have prevented a lot of people being locked out of their own accounts, and a lot of grief as well.

[off-topic discussion removed]

Anyway again, I have no idea if it's related but there was a mysql problem on a few servers this week, my own included, necessitating an update. Make of that tidbit what you will.

And I agree, not much of a security update if the new passwords are still viewable in the old system. Unless, of course, at least one evil one has been ousted from the building.

Why couldn't the new password be sent with the notification email? My info was confirmed and sent when I originally signed on a few months back. How is this any different?

Last edited by GatorBrent; 05-29-2008 at 07:31 PM. Reason: This shouldn't have been edited. I'm extremely sorry the staff member who did this has been talked to.
  #50  
Old 05-24-2008, 02:28 PM
ShelbyGuy ShelbyGuy is offline
Baby Croc
 
Join Date: Sep 2005
Location: Sunny Phoenix
Posts: 73
Default Re: Forced password update!

Quote:
Originally Posted by Gorkfu View Post
It looks like you gotta manually change that. Although that would be pointless at this time if the new system is not in yet.
The point of changing your password is that someone who may have had access at one time could compromise the system. Waiting is leaving yourself open. Change your password now and again when the new system is in place.
__________________
Brad Penrod
Website Designer

Learn or teach something new each day, or what's the point?
All times are GMT -6.