May I please have your root password, sir?
July 14, 2005 – 22:10 | LAMPHere’s an interesting (and real) story happened when I tried to set up a new dedicated server rented from 1and1…
I’m on the new server trying to update the Plesk license from Plesk’s own license manager, and keep getting some kind of “licensing server unreachable” error. The actually message indicates that some port between my new server and the Internet is blocked, furthermore I can’t ping any other IP except my own server and the DNS server which is on the same subnet.
So I call the hosting company’s tech support at 11pm. A gentleman tells me that the ports are blocked for new customers intentially until they can finish a verification process, which I now recall being stated in the post-server setup email. He then tells me to just wait for another 30 min before the ports are opened up. So I thank him, hang up, wait for about 20 min, and try again. Voila! pinging www.yahoo.com actually comes right back – but wait, it’s gone again after a few seconds. Go to check email, find one from obviously the gentleman I spoke with, apologizing his mistake of “not asking you some more verification questions” and asking me to call back.
So I call back and get connected to a lady. As friendly as the last one, she explains the same procedure to me again, and actually gets to asking me the verification questions, which are the usual ones at first – my name, address, phone number, until she gets to:
“Sir, could you please tell me the password to your 1and1 control panel?”
<what ?!> “Uh, I’m not sure I want to read my password over the phone.” <which is probably an international call telling from their accent!>
“Sir, that’s one of the verification questions I’m gonna have to ask you.”
<alright … fine…> “OK, it’s xxxxxxx.”
<tapping the keyboard> “Thank you, sir. Now, could you please tell me your root password?”
< !@#$%^&*><silence> “Right… It’s xxxxxxx.”
<tapping the keyboard> “Thank you, sir. Your verification process will be completed in FOUR hours.”
“Well… thank you…”
“Thank you, Sir. You have a nice evening.”
<hang up>
Realizing it might fail the “four hour long verification process”, I still went ahead and changed both passwords right after hanging up. If it will fail, I’ll deal with it tomorrow, but at least I can sleep tonight…
[update:] I gave it another try after about 45 minutes or so, and the blockade seemed to have been lifted. Good job, 1and1! (No, I’m not being sarcastic. My experience with 1and1 has been rather pleasant so far. It’s just the “give up your root password!” part being a bit rough.)
del.icio.us
digg this
reddit
dzone
Stumble it
3 Responses to “May I please have your root password, sir?”
Have you realized that they might already have it (even the new one you changed to) if they are using it to verify you?
By Angsuman Chakraborty on Jul 16, 2005
I know they have already had the control panel(their proprietary system) password in clear text, but the root password? I don’t think they have it in clear text, in fact, they shouldn’t even have it in the encrypted form either because with the server being dedicated they are not required/supposed to have any login access to the server (which they actually state rigorously in the TOS that they don’t _want_ to be responsible for any software maintenance.)
By Jing Xue on Jul 16, 2005
I’m having the exact same problem, and I just gave up both of the passwords over the phone. Wonderful!
By Travis on Aug 3, 2006