With a little effort they could use ssh keys instead of passwords...
They should ask users to provide their ssh public keys, and use them to give access to a newly provisioned server, locking down password-based ssh logins. That's how other players (like AWS) do it.
For a start they could just use a proper random root password, instead of a default one, and maybe only allow ssh access from the same netblock the install was ordered from.
However, one thing I don't get: Why is it that people don't log in immediately after it is ready? On Linode it only takes a few minutes to (re)install a VM, but GoGrid might be slower of course.
I have used GoGrid for a while. And though originally very critical of them (check my blog), I haven't had too many problems lately. For both dedicated servers and cloud servers I've always had a random root password generated. Not sure how this person ended up with one that was g0gr1d.
As for your question, by the sounds of it he ordered a dedicated server, not a cloud one. Those usually take them the better part of a day to set up.
That wouldn't help if the backend controlling requisitions is what's compromised (as other comments possibly point to), but you're right, it doesn't sound like these guys have any clue about security at all.
That's ok if your application is "standalone", but what happens when your app needs some backend webservice to properly run?
We pay for servers, we can't pirate them. I read articles from developers saying that most of their users are pirates. How could we use this situation to our advantage?
Apple introduced an API to check if the device is jailbroken, but after 6 months removed it without any explanation.
However, you can still make some checks, like checking whether the path /private/var/lib/apt/ exists or not. Since many package managers for cracked apps are apt-based, you should be able to get most jailbroken devices.
Sadly (afaik), there is no way to tell if your app on a device has been cracked or purchased.
This is great news, thanks for your efforts on this!
However, it's really sad to have to pay the Microsoft toll over FreeBSD (afaik Windows EC2 Instances are a bit more expensive because the cost of the OS licence is factored into the hourly cost).
I hope Amazon will do something about this, like providing HVM-based Unix instances.
If you spend so much time, passion and money building a product like Dropbox you will try to defend it from every kind of threat: today the "piracy" topic is a hot one, sounds like it's worse than killing someone, and Dropbox is hit by this "piracy" threat. I fully understand and respect the Dropbox founders' positions, and the DMCA issue is clearly a bug in my opinion (I wouldn't automatically send those kinds of communications upon a system-forced file deletion, however).
I usually don't see so much innovation in this market, but this is a very big step forward compared to the printed tabs spread around my house.
Congrats and keep up the good work!