total hypocrite ([info]totalhypocrite) wrote,
@ 2007-06-09 14:29:00
Previous Entry  Add to memories!  Tell a Friend  Next Entry
My DreamHost account was compromised, along with something like 3500 others.

So some of my sites index.html files had been modified to serve invisible SPAM for SEO purposes, apparently.

DreamHost, instead of just fixing it, sent me an email telling me to check my account, check the index.html files (which were full of spam now) and change my passwords. Which I did.

But just now I checked and they were hacked *again* - this time with different SEO shit at the bottom of my pages.

So despite having done the stupid thing of paying DreamHost for a year and moving all my domains there, I assume it's time to pack up again and move servers. Anyone particularly enamored with their hosting service?

(6 comments) - (Post a new comment)


[info]zannah
2007-06-09 09:50 pm UTC (link)
I'm curious - what machine are you on? None of my accounts were apparently compromised, so I'm wondering if it was a specific machine. I read on another site that it was compromised via someone's unsecured script?

That really sucks, though. I've been with DH forever. :(

(Reply to this) (Thread)

[info]totalhypocrite
2007-06-09 09:57 pm UTC (link)
I'm on Frappe.

http://www.dreamhoststatus.com/2007/06/06/security-breach/

"A very small subset of our user accounts have been compromised due to a security flaw in our web control panel software."

From the original email sent to me --

"We're still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of customer
sites using automated scripts (primarily for search engine
optimization purposes).

Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched."

(Reply to this) (Parent)(Thread)

[info]zannah
2007-06-09 10:18 pm UTC (link)
Thanks for the info/link - when I looked when I first heard about this, dreamhoststatus had nothing.

(Reply to this) (Parent)

[info]liszt
2007-06-09 10:29 pm UTC (link)
OMG ugh. What a shitty situation.
I use Dreamhost and I keep hearing about their terrible problems, now that I'm actually with them. I heard only good things when I was on a different, way more $$ host.
I'm on their "hoho" server.

(Reply to this)


[info]busbeytheelder
2007-06-10 06:14 am UTC (link)
i love fourbucks.net. The 4/month account is acceptable if you just need a scrap area. I personally use the leet 8/month option. you can even find someone else to list as a referral.

you could always just use google pages ;)

(Reply to this)


[info]endquote
2007-06-10 04:13 pm UTC (link)
My stuff wasn't hacked, but I read somewhere that it was mostly domains with high page ranks. And mine... is not that high.

I don't have any better recommendations, but a client of mine moved to Mediatemple after their outages before, and I haven't been so into MT. Really crappy support there.

(Reply to this)

(6 comments) - (Post a new comment)

Create an Account
Forgot your login or password?
Login w/ OpenID
English • Español • Deutsch • Русский…