For the time being, I'm going to leave both datacenters unnamed.
Here's the scenario. I have a server with datacenter X. I've been having some recent problems with that server, and they are in fact replacing the server altogether because the problems have been so constant. Although this took over a month, but that's another story.
I also have another server at datacenter Y, this server is fine, it's operating most of my main business sites.
The servers located at datacenter X and at datacenter Y both HAD the same root passwords (woops).
Today, someone from datacenter X, logged in as root to my server at datacenter Y!! I know this because of the last login message when I login to the server states the dns info of the last person to login (ie: lastlog).
I should also note, both datacenters are MAJOR providers and are very well known on WHT for dedicated server providers.
My question, what should I do? I'm going to do the obvious and submit a ticket with datacenter X informing them of the unauthorized access, but what are my options beyond that? Can I continue to trust datacenter X? Can anyone?
Thanks.
Linear Mode
