  1. #1
    SitePoint Guru
    Join Date
    Jan 2007
    Posts
    967

    Multiple Dreamhost sites were attacked simultaneously

    Multiple Dreamhost sites were attacked simultaneously by the same bot that inserts code into php files.

    They claim it has nothing to do with them and it's the fault of each customer's website. I guess they are saying it's a coincidence?
    They just announced they had a security breach last week and asked everyone to change their ftp passwords.
    Does their lack of accountability sound fishy or is it just me?

    http://discussion.dreamhost.com/thread-134262.html

    E

  2. #2
    SitePoint Member
    Join Date
    Aug 2010
    Posts
    6
    In most cases, it is the user's fault for not keeping scripts up to date; however, if it's several customers simultaneously, there's need for investigation and blame cannot be placed directly on any party. This is why security is important. Sorry to hear about those security issues, the culprits deserve a mud slinging session. Always keep backups and keep your passwords rotated every month or two.

  3. #3
    SitePoint Guru
    Join Date
    Jan 2007
    Posts
    967
    I haven't figured out exactly where it got in, but I removed a number of legacy applications that weren't being used.
    My site was down for three days for causes not specifically related to the hack. It seems like Dreamhost was having some issues.

    Once the hack was in, it added a line of code to every php page it could find. Pretty annoying, but I cleaned it all up in an hour.
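
A defender-side check for the behaviour described in post #3 (one identical line added to every PHP file), as an added example that is not from the thread: it flags long lines that recur in most `.php` files without needing to know the injected code, then removes a confirmed line after saving a `.bak` copy. The sample line, file names and thresholds are constructed assumptions, since the thread does not show the real injected code.

```python
import math
import os
import shutil
import tempfile
from collections import defaultdict

# Constructed stand-in for the injected line; the thread does not show the real one.
SAMPLE_INJECTED = "<?php /* CONSTRUCTED-PLACEHOLDER injected line, not real malware */ ?>"

def find_shared_lines(root, min_len=40, min_share=0.8):
    """Map each long line found in >= min_share of the .php files to those files."""
    seen = defaultdict(set)          # stripped line -> files containing it
    php_files = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                php_files.append(path)
                # latin-1 decodes any byte sequence, so odd encodings never abort the scan
                with open(path, encoding="latin-1") as fh:
                    for line in fh:
                        if len(line.strip()) >= min_len:
                            seen[line.strip()].add(path)
    needed = max(2, math.ceil(len(php_files) * min_share))
    return {l: sorted(p) for l, p in seen.items() if len(p) >= needed}

def remove_line(path, bad_line):
    """Delete every occurrence of bad_line from path, keeping a .bak copy first."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="latin-1", newline="") as fh:
        lines = fh.readlines()
    kept = [l for l in lines if l.strip() != bad_line]
    with open(path, "w", encoding="latin-1", newline="") as fh:
        fh.writelines(kept)
    return len(lines) - len(kept)

def build_sample_tree():
    """Create a constructed site: five pages, each with the same appended line."""
    root = tempfile.mkdtemp(prefix="php_scan_demo_")
    os.makedirs(os.path.join(root, "inc"))
    for i, rel in enumerate(["index.php", "about.php", "contact.php", "inc/db.php", "inc/util.php"]):
        with open(os.path.join(root, rel), "w", encoding="latin-1") as fh:
            fh.write(f"<?php\nrequire 'config.php';\necho 'page {i} has its own unique body text here';\n?>\n{SAMPLE_INJECTED}\n")
    return root

if __name__ == "__main__":
    demo = build_sample_tree()
    for line, files in find_shared_lines(demo).items():
        print(len(files), "files share:", line[:60], "| removed:", sum(remove_line(f, line) for f in files))
    shutil.rmtree(demo)
```

Legitimate lines such as a shared licence header can also recur across files, so review each flagged line before passing it to `remove_line`.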

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Pretty interesting little hack. Once inside a page, that page becomes essentially an open terminal into the system, allowing someone to upload a file, execute MySQL, and run system commands.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  5. #5
    SitePoint Addict
    Join Date
    May 2005
    Location
    Tauranga, New Zealand
    Posts
    358
    Originally posted by eruna:
    Multiple Dreamhost sites were attacked simultaneously by the same bot that inserts code into php files.

    They claim it has nothing to do with them and it's the fault of each customer's website. I guess they are saying it's a coincidence?
    They just announced they had a security breach last week and asked everyone to change their ftp passwords.
    Does their lack of accountability sound fishy or is it just me?

    http://discussion.dreamhost.com/thread-134262.html

    E
    No, not fishy at all. These attacks are all automated and part of a criminal value chain. It's like a town where all the security guards have gone out to their company function. Why rob one bank only? Criminals will just rob them all.

    HTH, Jochen
    http://www.automatem.co.nz
    Websites, On-line Software and everything Internet

  6. #6
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,832
    Looking at that Dreamhost thread, it does sound more like the host was hacked and not individual clients.

    http://discussion.dreamhost.com/thre...62-page-2.html

    Almost all of my sites on Dreamhost have been attacked. Not just my own personal sites, but also client sites I have set up on separate accounts. This has never really happened before, which is why I've been a customer for so long. It's curious that this coincides with their massive security breach. I contacted them and 7 days later I was told it was my fault and they are not responsible for my files. In any case I trusted them to safeguard my passwords and in that regard they obviously failed.
    This kind of thing happens, unfortunately. What is most bothersome is that Dreamhost seems to be blaming the clients. If Dreamhost is to blame, and it appears that they are, they should "man up" and admit it and formulate a plan to prevent anything like that from happening again in the future.

    When I submitted my trouble ticket to DreamHost, I got back the form letter some of you also got, basically blaming the trouble on me, saying security was solely my responsibility, but that I could try, with no guarantees, restoring from DreamHost backups (if they have them).


    It's too bad there is no real ability to blanket ban all traffic from countries like Russia and its former satellites and China. That's where most of the hacking comes from.

