by kijin 4790 days ago
> The access that HTP obtained does not, full stop, lead to root on Linode instances without at least one shutdown job or change of root password job showing up in your Linode's history that you did not ask for.

If they had access to the database, it may have been possible to delete malicious jobs from people's histories. Even if the user had email notifications turned on, an attacker with full access to the database could have turned them off temporarily (just flip a boolean flag).


That's a good point and I hadn't considered it. It still reboots your Linode, though; worth considering an 'echo "I just rebooted! Did you expect that?" | mail' in your rc.local for this reason, since a reboot should be an infrequent event.
Yeah, but will likely reboot it into recovery mode so they can remove anything like that from your boot sequence anyway, and if they don't notice it, they will be done by the time it goes out anyway. External monitoring is the best way to notice the node went down.
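
The external monitoring suggested in the thread, sketched as an added example (not part of any commenter's post): a separate host records the node's uptime on each probe and flags outages and boot-time changes, so the alert does not depend on anything in the node's own boot sequence. The probe format, the `expected_reboots` windows and the sample values are assumptions made for illustration.

```python
# Added example: reboot/outage detection run on a separate monitoring host.
# Each probe is (probe_time, uptime_seconds); uptime is None when the node
# did not answer. How uptime is collected is left open (assumption).
from typing import Iterable, List, Optional, Tuple

Probe = Tuple[int, Optional[int]]
Event = Tuple[str, int]


def detect_events(probes: List[Probe],
                  expected_reboots: Iterable[Tuple[int, int]] = (),
                  skew: int = 5) -> List[Event]:
    """Return ('down' | 'reboot' | 'expected_reboot', time) events.

    expected_reboots holds (start, end) windows for reboots you scheduled
    yourself; keep that record off the node and outside the provider's
    job history, since the thread notes both could be altered.
    """
    windows = list(expected_reboots)
    events: List[Event] = []
    last_boot: Optional[int] = None
    was_down = False
    for t, uptime in probes:
        if uptime is None:
            if not was_down:          # report an outage once, at first miss
                events.append(("down", t))
                was_down = True
            continue
        was_down = False
        boot = t - uptime             # boot time implied by this probe
        # A boot time that moved by more than clock jitter means a reboot,
        # even if no probe was missed in between.
        if last_boot is not None and abs(boot - last_boot) > skew:
            planned = any(s <= boot <= e for s, e in windows)
            events.append(("expected_reboot" if planned else "reboot", boot))
        last_boot = boot
    return events


# Constructed sample: 60-second probes, two misses, then a fresh uptime.
SAMPLE: List[Probe] = [
    (1000, 500000), (1060, 500060),
    (1120, None), (1180, None),
    (1240, 40), (1300, 100),
]

if __name__ == "__main__":
    for kind, when in detect_events(SAMPLE):
        print(kind, when)
```

Because the boot time is derived from uptime, a reboot that completes between two probes is still reported.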