I feel supported
I received an email from Dreamhost last night about what they thought were dubious activities on my shell account.
I logged in from a UK IP address and mere minutes later, I logged in from a US IP address.
They immediately moved my .ssh folder to dot_ssh_disabled_by_dh and deleted all the crons I had installed. In the email was attached a copy of my crons, my new password and the email address of a real person to talk to.
Of course it wasn’t anything sinister at all - I was logged into a box stateside, needed to find a script I had written almost a year ago and so ssh-ed to said account. I have logged into my account from other countries while traveling but never from the US - this triggered their monitoring system. I suspect they then keep a log of all countries I have visited from and no longer raise warnings from these.
A cursory glance at my history files showed nothing out of the ordinary - I also checked my authorized_keys file before replacing my .ssh folder and peeked in at the processes running to make absolutely certain. I suspect there’s more that I could have done and that’s what the comments section is for.
Just for good measure, I requested a list of the IP addresses which have connected to my accounts in the last week and Mike from Dreamhost sent the below list back - it’s been trimmed for brevity.
1182960547 o2 GB 86.129.82.65 3ce52ef567bd5dca3a402d863dc14966
1182960547 o2 GB 86.129.82.65 3ce52ef567bd5dca3a402d863dc14966
1183519178 o2 US 208.97.184.215 583677e4675e68f885c58f93c08caa00
1183519178 o2 US 208.97.184.215 583677e4675e68f885c58f93c08caa00
1183519191 o2 GB 86.129.82.65 9fc63a607f18cd3b97c1e15060c5aeeb
1183519191 o2 GB 86.129.82.65 9fc63a607f18cd3b97c1e15060c5aeeb
1183520357 o2 US 208.97.184.215 cbd71d00be60dbff34315939f2eebef0
1183520357 o2 US 208.97.184.215 cbd71d00be60dbff34315939f2eebef0
1183520745 o2 GB 86.129.82.65 10fcfa719b4fc1aef734a7aac3903c60
1183983151 o2 GB 90.193.90.47 7ab6b13fc20332d496316d19a75c0cd7
1183983151 o2 GB 90.193.90.47 7ab6b13fc20332d496316d19a75c0cd7
1184240826 o2 GB 86.129.75.30 ab907df7b86beed9503bd945923fecac
1184240826 o2 GB 86.129.75.30 ab907df7b86beed9503bd945923feca
I keep a running tab of my laptop’s internet-facing addresses* and ticked off the GB addresses. And indeed the US IP was the account I’d been connected to.
While it continues to bother me that they don’t support Django out of the box and don’t plan to provide a database which supports transactions - by which I specifically mean Postgres - the amount of detail they put into supporting the services they do provide is commendable.
Thanks Dreamhost - My heroes for the day.
*it is auto-generated when I log onto a network and sent in an email to me - at the time I hoped it’d come in handy if my laptop was stolen.
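The kind of check that flagged the account, as an added example (not part of the original post and not Dreamhost's actual monitoring code): it flags a login whose country differs from the previous login within a short window, and skips countries already on record for the account. The column meanings, the one-hour window, the function names and the sample lines are assumptions.

```python
# Constructed sample lines (documentation-range IPs, made-up ids) in the column
# layout of the list in the post; reading the columns as epoch seconds, host,
# country code, source IP and an opaque id is an assumption.
SAMPLE_LOG = """\
1700000000 host1 GB 192.0.2.10 aaaa
1700000000 host1 GB 192.0.2.10 aaaa
1700558631 host1 US 198.51.100.7 bbbb
1700558644 host1 GB 192.0.2.10 cccc
1700559810 host1 US 198.51.100.7 dddd
1701022604 host1 GB 192.0.2.99 eeee
not a log line
"""


def parse(text):
    """Yield (epoch, host, country, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], parts[3]


def flag_country_changes(events, window=3600, known=None):
    """Flag a login whose country differs from the previous login on the same
    host within `window` seconds, unless the country is already in `known`
    (the per-account record of visited countries the post speculates about)."""
    known = set(known or ())
    last = {}    # host -> (epoch, country) of the previous login
    alerts = []
    for ts, host, country, ip in sorted(set(events)):  # set() drops repeats
        prev = last.get(host)
        if (prev and prev[1] != country and ts - prev[0] <= window
                and country not in known):
            alerts.append((ts, host, prev[1], country, ip, ts - prev[0]))
        last[host] = (ts, country)
    return alerts


if __name__ == "__main__":
    for a in flag_country_changes(parse(SAMPLE_LOG), known={"GB"}):
        print("ALERT ts=%d host=%s %s->%s ip=%s gap=%ds" % a)
```

Once "US" is added to the known set, the same log raises no alert, which matches the behaviour the post guesses at.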