"We will never ask for your password..."


  • Discourse touched me in a no-no place

    "...unless we ask for it"



    The hosting company I'm leaving has a bug in their 'change nameservers' form.



    I file a ticket, they respond by changing the nameservers for me. I'm still unable to personally change the nameservers. Which is a problem for me...



    @Webhost said:

    As per your request, we have changed the nameservers of the domain to the specified one. The logs are pasted below for your reference.

    @PJH said:
    This does not address my problem - I am still unable to change the nameservers myself using the control panel at <url>

    @Webhost said:
    In order to assist you in a better way, could you please get back to us with the domain management area login details?

    @PJH said:
    Not really. I'm not prepared to hand out login credentials

    1. over an unsecure communications channel such as email
    2. when every day people are warned not to give their passwords to anyone asking for them
    3. when you should be able to sort this out without resort to using my account.



      In fact, even simply asking for login credentials via email is unacceptable.


      [cc'd to their complaints department]

    @Webhost said:
    We can recreate the issues only if we have your logins. As we are the server administrator there are no issues in giving the passwords to us. Also can you please give the exact error you are getting while trying to change the name servers.




    So that's alright then, isn't it?


  •  So they don't have your login details? You should be happy. That would mean they do not store passwords in plain text.


  • Discourse touched me in a no-no place

    @badfubglur said:

     So they don't have your login details? You should be happy. That would mean they do not store passwords in plain text.

    A valid assumption, that is (sadly) false, since if you click the "forgotten password" link elsewhere on their site, they mail it to you. In plaintext.



  • I once had a similar problem with Newtek, they wanted an admin login on my site to check something about IIS.

    I just created a temporary account for them and deleted it once they were done.



  • I'm sure they're using a secure industry standard cypher like ROT13 or the doubly strong ROT26.


  • Discourse touched me in a no-no place

    @C-Octothorpe said:

    I'm sure they're using a secure industry standard cypher like ROT13 or the doubly strong ROT26.

    I'm sure they're not.



    Anyway, the original issue has been 'solved' in that they can (now!) replicate my problem. Their front end to OpenSRS is broken, and they're handing out the OpenSRS URL.. It's now clear from the chain of replies that they were in fact using the OpenSRS site when saying "it's working - it's not a problem our end," while expecting their customers to use their own site.



  • @C-Octothorpe said:

    I'm sure they're using a secure industry standard cypher like ROT13 or the doubly strong ROT26.

    And it keeps getting funnier EVERY SINGLE TIME I SEE IT!



  • @PJH said:

    @C-Octothorpe said:

    I'm sure they're using a secure industry standard cypher like ROT13 or the doubly strong ROT26.

    I'm sure they're not

    WHOOOOOOOOSSSHHHHHH



  • @bertram said:

    dur i dunt no how to play along



  •  I had that happen with my host, just changed the password to a new random 24 character string after the issue was fixed.


  • Discourse touched me in a no-no place

    @bertram said:

    WHOOOOOOOOSSSHHHHHH
    I don't think so. It's an old joke, and it's not particularly funny.



  • @bertram said:

    @PJH said:
    @C-Octothorpe said:

    I'm sure they're using a secure industry standard cypher like ROT13 or the doubly strong ROT26.

    I'm sure they're not

    WHOOOOOOOOSSSHHHHHH

    That's the sound of people laughing at that joke.

    All that's missing to complete the picture is a passing tumbleweed.

     


  • Discourse touched me in a no-no place

    @Zecc said:

    That's the sound of people laughing at that joke.
    I couldn't hear them over the sound of the crickets and dropping pins.



  • Do you hear that? That's the sound of forgiveness.



  • @PJH said:

    @Zecc said:
    That's the sound of people laughing at that joke.
    I couldn't hear them over the sound of the crickets and dropping pins.

    You know, I thought my Beetlejuice clip would convey this, and now I'm depressed.


  • Garbage Person

     This sort of bullshit is why my answer to 'what webhost should I use' is now 'either pay me to do it, colo a box (I can get you a killer deal with some buddies that have their own cabinet), or figure it out yourself'


  • Discourse touched me in a no-no place

    @Weng said:

     This sort of bullshit is why my answer to 'what webhost should I use' is now 'either pay me to do it, colo a box (I can get you a killer deal with some buddies that have their own cabinet), or figure it out yourself'

    Somewhat ironically, this is what I'm in the middle of doing, however the problem arose not with where the sites are being hosted, but with the DNS entries, which is not so easy to 'self-host.'



  • @PJH said:

    @Weng said:

     This sort of bullshit is why my answer to 'what webhost should I use' is now 'either pay me to do it, colo a box (I can get you a killer deal with some buddies that have their own cabinet), or figure it out yourself'

    Somewhat ironically, this is what I'm in the middle of doing, however the problem arose not with where the sites are being hosted, but with the DNS entries, which is not so easy to 'self-host.'

    Domain registrar will do the DNS for you. Or Amazon Web Services has DNS now.



  •  @PJH said:

    Somewhat ironically, this is what I'm in the middle of doing, however the problem arose not with where the sites are being hosted, but with the DNS entries, which is not so easy to 'self-host.'

    ZoneEdit. Why are we still talking about this?

     


  • Discourse touched me in a no-no place

    @Mr. DOS said:

    ZoneEdit
    That's nice. I can't find any phone numbers or brick and mortar addresses, though, on that site, especially under support, which appears to be a simple web-form.



  • I must admit I hadn't considered that, and I can see how it could be a business concern. On the other hand, ZoneEdit has been around for the better part of a decade and been quite reliable the whole time, so while they may not be appropriate for use in a corporate situation, I have no qualms using their services for anything I'm doing. Which may or may not be anything like what you're doing.



  • In a situation like this, I would see if I can screen share, show them on my screen what's happening, then let them take control to replicate the issue if necessary.  That not necessarily an option everywhere though.

    Changing your password afterwards is also an option, but I don't like the idea of changing my password because someone can't do things right.  (OHAI SONY).


Log in to reply