New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Is this what I think it is? (Backdoor or support account?)
Just spun up a fresh Debian 10 Buster VPS from an easter egg promo
(looks like the offer thread has been deleted...I don't think they had a
provider tag). On first login, I found a /home/li directory, a valid
password entry for user li in shadow, and memberships in groups
sudo, adm, etc. No entries in authorized_keys, so I think
I'm safe. But still, doesn't this seem a bit fishy? I realize the
provider has full control/access anyway, so maybe it's nothing?
(BTW, this post was hell to edit. Cloudflare really doesn't like you talking about such things!)
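The check described in the post above (an unexpected account with a usable password entry in shadow and membership in sudo/adm), as an added example that is not part of the original thread. The sample file contents, the `audit` function and the list of expected accounts are constructed for illustration; on a real host the three inputs would be read from /etc/passwd, /etc/shadow and /etc/group as root.

```python
# Constructed sample files (not from the original post). The hash strings are
# placeholders, not real password hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
li:x:1000:1000::/home/li:/bin/bash
"""
SHADOW = """\
root:$6$CONSTRUCTED$roothash:18700:0:99999:7:::
daemon:*:18700:0:99999:7:::
sshd:*:18700:0:99999:7:::
li:$6$CONSTRUCTED$lihash:18700:0:99999:7:::
"""
GROUP = """\
root:x:0:
adm:x:4:li
sudo:x:27:li
li:x:1000:
"""
PRIVILEGED_GROUPS = {"sudo", "adm", "root"}   # assumption: groups worth flagging
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def rows(text):
    """Split a colon-separated account file into lists of fields."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def audit(passwd, shadow, group, expected=("root",)):
    """Return findings for unexpected accounts that can log in with a password."""
    pw_field = {r[0]: r[1] for r in rows(shadow)}
    findings = []
    for name, _, uid, gid, _, home, shell in rows(passwd):
        if name in expected:
            continue
        field = pw_field.get(name, "*")
        # "!" or "*" prefix = locked / no valid hash; empty = no password needed
        has_password = not field.startswith(("!", "*"))
        if not has_password or shell in NOLOGIN_SHELLS:
            continue
        groups = sorted(g[0] for g in rows(group)
                        if g[0] in PRIVILEGED_GROUPS
                        and (name in g[3].split(",") or g[2] == gid))
        findings.append({"user": name, "uid": int(uid), "home": home,
                         "shell": shell, "privileged_groups": groups})
    return findings

if __name__ == "__main__":
    for f in audit(PASSWD, SHADOW, GROUP):
        print(f)
```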
Comments
You should check with your provider.
Sometimes providers intentionally keep access to perform automated tasks by user request. It’s one way to handle root password resets, for example. Probably one of the easier ways to code it. Worth checking with them, could just as well be a mistake.
I usually check specifically for this; if I find non-standard accounts I'll do a clean ISO install if possible. If clean installs aren't a choice, I might outright cancel and move. It depends how much I care to risk.
If SSH allows password logins, the account may still carry some risk.
It's too difficult to sign off on the modifications they may have made. This is the first and most obvious sign you aren't on a clean system, in my opinion.
I intentionally go for services with limited support; they should not have access. I consider it a breach of trust in this case, even if it's a simple oversight in templates.
For root password resets on VMs, I believe the QEMU guest agent can assist online. Offline, libguestfs absolutely works.
You're right it's often used for this, but it's often a sign you want to be somewhere else. There are better and smarter ways to go about it.
Why would anyone use the default template anyway?
Perform a clean install from ISO.
Reinstall from ISO. It could be a bad image from the provider.
That is likely Liang Zai's account. I think he is the sales manager and does some of the tech support at Pacifi-crack. You could think of it as a "debianuser" account but not as well known.
The above advice to reinstall from ISO would be good to follow, if they allow that option.
EDIT: Please update us on how that VPS performs for you. Maybe network test from ping.pe/
That is Premier Li’s account. You’ve been hacked by the CCP.
Is that a serious question? SMH
Because it's fast and automated. Two clicks and two minutes instead of 50 clicks and 50 minutes.
The lazy ass/dumbed down way of commissioning a server.