Locking the root user account
The cloud is big business nowadays, and it’s now quite common to rent a virtual private server from companies such as Rackspace, DigitalOcean, or Microsoft Azure. These can serve a variety of purposes:
- You can run your own website, where you install your own server software instead of letting a hosting service do it.
- You can set up a web-based app for other people to access.
- Recently, I saw a YouTube demo on a crypto-mining channel that showed how to set up a Proof of Stake master node on a rented virtual private server.
One thing that most of these cloud services have in common is that when you first set up your account and the provider sets up a virtual machine for you, they’ll have you log in to the root user account. (It even happens with Ubuntu, even though the root account is disabled on a local installation of Ubuntu.)
I know that there are some folks who just keep logging in to the root account...