[rubypay]

Could this have been a vulnerability in Lish, which can be run from a browser using Linode's AJAX console?

http://library.linode.com/troubleshooting/using-lish-the-lin...

I've completely ruined networking and disabled root logins on a Linode VPS, but could still access that same VPS as root using Lish.