You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 18, 2018. It is now read-only.
As a Vultr (VPS provider) customer, I just received the below Email. The main vultr.com domain does not appear to utilise NS records that point to CF, nor does Vultr disclose what FQDNs/hosts they have which do utilise CF. I did manually find one -- https://my.vultr.com . And for posterity, http://my.vultr.com (non-SSL) redirects to the SSL version.
As such, I feel vultr.com should be added to the list.
From: "[email protected]" [email protected]
To: {removed}
Date: Fri, 24 Feb 2017 14:28:43 -0500
Subject: Vultr.com - Important Security Notice
Dear Valued Client,
As you may know, Vultr utilizes Cloudflare's CDN product to enhance the speed of our website around the globe and protect against various malicious attacks on our site.
Cloudflare recently revealed a security vulnerability that may have resulted in private data from sites whose data is behind the Cloudflare CDN. According to Cloudflare’s security team, the greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage. While Cloudflare patched the discovered issue quickly, it was possible sensitive data was leaked to third party search engines that cache data such as Google.com.
Cloudflare has worked with the security team from Google to search cached data for any relevant Vultr links and has confirmed no data was found. Based on this we have no reason to believe any Vultr customer information has been compromised via this Cloudflare bug.
This is a good opportunity to remind you of best security practices to secure your account:
Enable 2 factor authentication for your main vultr.com account login.
Change your control panel password every 90 days (or less).
Always change your Instance’s default password after initial deploy.
If you utilize the API service, ensure your API IP ACLs are configured correctly.
Routinely scan your computer for malware, spyware, browser extensions, and Virii that could compromise or leak private
information.
We will continue to closely monitor the situation and stay in close contact with Cloudflare should there be any change in the facts we have received thus far. Your account security is our top priority here at Vultr.
As a Vultr (VPS provider) customer, I just received the below Email. The main vultr.com domain does not appear to utilise NS records that point to CF, nor does Vultr disclose what FQDNs/hosts they have which do utilise CF. I did manually find one -- https://my.vultr.com . And for posterity, http://my.vultr.com (non-SSL) redirects to the SSL version.
As such, I feel vultr.com should be added to the list.
The text was updated successfully, but these errors were encountered: