182 Comments
- Caydel, on 10/11/2007, -35/+117
Yep, there's one in every crowd to catch my spelling mistakes....
- Scyth3, on 10/11/2007, -16/+95
Note to self: Don't ever use Dreamhost...it's not quite dreamy.
- Caydel, on 10/11/2007, -19/+69
This could have huge consequences... While most larger sites wouldn't be on Dreamhost, thousands of bloggers who use Dreamhost for cheap hosting are probably just now finding all the spam links on their sites. This is just ridiculous.
- scronline, on 10/11/2007, -6/+36
What really sucks is that people buy cheap hosting, and expect it to be good hosting. There's usually a reason why it's cheap.
- NotASenator, on 10/11/2007, -0/+30
I guess that makes your project open-source now. Be happy.
- Nougat, on 10/11/2007, -4/+34
@linkedlist (#7046160)
The sad fact is that security is lax everywhere. Dreamhost just got taken advantage of today. I'm certain that there are plenty of other places which could be right in the same position, and with information more serious than some FTP passwords.
- Caydel, on 10/11/2007, -3/+26
Since this story broke an hour ago, it seems that someone has found a nasty XSS hole in the customer control panel: http://www.0x000000.com/?i=331
- betobeto, on 10/11/2007, -1/+21
What @Nougat said. I've been through a whole share of web hosts (Interland, (MT), etc) and all of them have had serious security issues at some point or another. And their tech support also sucked big time too. Reading "Dreamhost sux! I'm moving to XXXX" comments is at least mildly funny from that perspective. 100% bulletproof hosting security is an illusion - and if some provider tries to sell you that it's just plain lying. Simple as that.
Best bet? Backup your stuff. Every time. Just in case.
- albiniak, on 10/11/2007, -8/+27
disclaimer: honest question follows.
Why wouldn't you (dreamhost) want to use .htaccess or similar to block unauthorized users from even accessing the control panel login?
- chrisgeleven, on 10/11/2007, -1/+20
My account was one of the 3,500 accounts compromised. I received the e-mail this morning.
I just reset all of my passwords on Dreamhost plus did a quick look at the date modified timestamp on files in my account. Everything looks right as far as I can tell. They said in most accounts, the person just used FTP and got a directory listing without modifying the files. It looks like that happened in my case.
It wasn't a case of a weak password (mine had a bunch of random characters and I use SFTP to FTP to my site), which means Dreamhost really screwed something up on their end.
I am going to wait and see what their response is.
- Caydel, on 10/11/2007, -1/+17
Not all the intrusions are recent - mine happened two weeks ago. I would suggest looking for any files modified within the last three weeks or so.
- chrisgeleven, on 10/11/2007, -4/+19
Complete copy of the e-mail they sent me (minus my account name):
Hello -
This email is regarding a potential security concern related to your
'' FTP account.
We have detected what appears to be the exploit of a number of
accounts belonging to DreamHost customers, and it appears that your
account was one of those affected.
We're still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of customer
sites using automated scripts (primarily for search engine
optimization purposes).
Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched.
We ask that you do the following as soon as possible:
1. Immediately change your FTP password, as well as that of any other
accounts that may share the same password. We recommend the use of
passwords containing 8 or more random letters and numbers. You may
change your FTP password from the web panel ("Users" section, "Manage
Users" sub-section).
2. Review your hosted accounts/sites and ensure that nothing has been
uploaded or changed that you did not do yourself. Many of the
unauthorized logins did not result in changes at all (the intruder
logged in, obtained a directory listing and quickly logged back out)
but to be sure you should carefully review the full contents of your
account.
Again, only about 20% of the exploited accounts showed any
modifications, and of those the only known changes have been to site
index documents (ie. 'index.php', 'index.html', etc - though we
recommend looking for other changes as well).
It appears that the same intruder also attempted to gain direct
access to our internal customer information database, but this was
thwarted by protections we have in place to prevent such access.
Similarly, we have seen no indication that the intruder accessed
other customer account services such as email or MySQL databases.
In the last 24 hours we have made numerous significant behind-the-
scenes changes to improve internal security, including the discovery
and patching to prevent a handful of possible exploits.
We will, of course, continue to investigate the source of this
particular security breach and keep customers apprised of what we
find. Once we learn more, we will be sure to post updates as they
become available to our status weblog:
http://www.dreamhoststatus.com/
Thank you for your patience. If you have any questions or concerns,
please let us know.
- DreamHost Security Team
- Amateurcruzer, on 10/11/2007, -1/+16
Not affected, but this really bothers me..
This has been exploited for 3 weeks? That is completely crazy!
- bluenile, on 10/11/2007, -0/+15
Dreamhost is not alone. A few days back, May 22 to be precise, Brinkster, another big hosting company, sent a similar email to hundreds of its customers, me included.
=======================================
Dear Customer,
Thank you for using Brinkster as your hosting provider.
Brinkster has reason to believe some User Names and Passwords may have been compromised. Brinkster's customer's credit card information has not been accessed.
To ensure website security, we mandate that you change your password for your account. If you do not change your password, Brinkster will automatically change it for you.
To change your password, please log into your account at www.brinkster.com and access "User Settings" within the Control Panel.
If your password has been changed by Brinkster you will receive an email notice.
If you would like to retrieve your password, please visit www.brinkster.com, select "Customer Login" at the top of the page, then select "I forgot my password".
We apologize for any inconvenience this may have caused you. If you have any questions, please do not hesitate to contact us.
Kindest Regards,
Brinkster Support
Email: Support@Brinkster.com
Live Chat: http://www.brinkster.com/livechat
Phone: USA: 1-800-345-7084, Outside USA: 1-757-222-3424
- estacado, on 10/11/2007, -1/+16
Stay away from anything that has the word "gator" in it.
- Noctem, on 10/11/2007, -0/+14
The reason you see those is because DreamHost has an excellent referral rewards program. They've got a pretty decent incentive to put their images on your sites.
- Error601, on 10/11/2007, -0/+14
Where are you going to connect that packet sniffer? I
- kingkilr, on 10/11/2007, -9/+22
... I have dreamhost and I didn't get this email, I'm tempted to go and demand a refund and just switch because they aren't secure OR keeping me informed.
- MacParrot, on 10/11/2007, -1/+12
So a xsshole was exploited?
Why does that sound so dirty?
- Scyth3, on 10/11/2007, -5/+16
Your old password is: BIGBOY
- seks03, on 10/11/2007, -0/+10
This seems to have already been patched.
- omgomgomg, on 10/11/2007, -13/+23
More bad dreamhost news? It doesn't end! Don't worry, they'll fix the problems with adding 7TB of bandwidth to your shared host account. loll
- folletto, on 10/11/2007, -1/+11
Bah, I find it funny when someone abandons a ship that has just been repaired and renewed.
It seems that Dreamhost has now tightened its security policies, patched its software and is conducting an internal investigation. I think this bug is fixed, so there's nothing more to worry about. It isn't broken anymore, so why should I go away? :)
- Nachoes, on 10/11/2007, -10/+20
Marked as inaccurate. Dreamhost did not knowingly/willingly leak those passwords, they (DH) were cracked/hacked (whichever you prefer).
- inactive, on 10/11/2007, -2/+11
Host Gator sucks
- lithiumsystems, on 10/11/2007, -7/+16
It is obvious from this and other panic situations that DreamHost lacks in management, service, security, and server maintenance to say the least.
Two words:
SECURITY PROGRAM
- estacado, on 10/11/2007, -2/+11
Be more creative.
- cpuangel, on 10/11/2007, -0/+9
Host Gator does suck, try communicating with their support people. Goddamn, those people cannot read or write...
- calmanny, on 10/11/2007, -0/+8
Mine was one of the accounts compromised, and changes were indeed made to my files. Curiously, they weren't spam links but some sort of marker code within HTML comments.
I've changed my password and Dreamhost staff has been helpful in answering my questions and restoring my files. Unfortunately, the break-in itself has rattled me a little. I not only keep my business website there, but also have important SVN and CVS repositories on that account -- a decision I need to question.
- optize, on 10/11/2007, -1/+9
I'd like to see it done. Unless the shared hosting company is extremely stupid, there's no way you're going to change system files.
- dasunst3r, on 10/11/2007, -0/+8
I would suggest that anybody staying on DreamHost:
1. Change their passwords
2. Go to Users > Manage Users in the CP and change their User Account Type to SFTP account. This will make it so that you can only transfer via SSH, but you'll have to know your server's hostname, which you can find on the same page.
Hopefully, we can close even more holes. FTP is antiquated and frankly FTL.
- chrisgeleven, on 10/11/2007, -0/+7
That might be a problem. I did a wordpress upgrade on the 16th, so if there were any modifications, those were wiped out by the upgrade (I can't find any spam links on my pages). The time stamps for the new version of wordpress look right, so I think the files are fine.
I suggest those of you who have wordpress (or other similar systems that use a file like wp-config.php to store your mysql password) change your mysql password and admin login for your particular site.
- Error601, on 10/11/2007, -1/+8
That's why you never store passwords...store the results of a one-way hash only.
- optize, on 10/11/2007, -5/+12
So true. You get what you pay for.
- Caydel, on 10/11/2007, -0/+7
Well, as far as I can tell, only the index.php or index.html file in the root directory of the site is affected - if that is clean, you are all right!
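The checks the DreamHost email and the comments above ask affected customers to do by hand (look at modification times, compare entry files with the last backup, look for link spam appended to index files) can be scripted. The following is an added example for a POSIX shell; it is not code from the thread, from DreamHost or from any commenter. It assumes a snapshot directory with the same layout as the web root (the thread mentions /home/username/.snapshot, but the exact path is an assumption here), that the files to check are index.*, main.* and home.* as a later comment in this thread reports, and that the spam was appended after the closing </html> tag. The sample tree it builds is constructed for the example, not real customer data.

```shell
#!/bin/sh
# Added example, not DreamHost's own tooling: triage a web root after the
# FTP-credential compromise discussed in this thread.  It follows the advice
# given above: list entry files changed recently, compare each one with the
# copy in the last snapshot, and count link tags appended after </html>.
# The snapshot path, the file-name patterns and the sample tree are
# assumptions made for this example.

# Site entry files the thread reports as targeted: index.*, main.*, home.*.
# $1 = web root; optional $2 = only files modified within the last N days.
entry_files() {
    if [ -n "${2:-}" ]; then
        find "$1" -type f \( -name 'index.*' -o -name 'main.*' -o -name 'home.*' \) -mtime "-$2"
    else
        find "$1" -type f \( -name 'index.*' -o -name 'main.*' -o -name 'home.*' \)
    fi | sort
}

# Count "<a href=" occurrences that appear after the last </html> in $1.
# A legitimate page has nothing there; the appended spam described in the
# thread shows up as a large count.  Matching is case-insensitive.
links_after_html_close() {
    awk '{
        low = tolower($0)
        if (low ~ /<\/html>/) {
            sub(/.*<\/html>/, "", low)          # keep only what follows </html>
            n = gsub(/<a href=/, "&", low)      # restart the count there
            seen = 1
        } else if (seen) {
            n += gsub(/<a href=/, "&", low)
        }
    } END { print n + 0 }' "$1"
}

# Compare every entry file under web root $1 with the same path under
# snapshot $2.  Prints one line per file: STATUS relative-path link-count,
# where STATUS is CLEAN (identical to snapshot), MODIFIED (differs) or NEW
# (no snapshot copy, so only the link-count heuristic applies).
triage() {
    webroot=$1
    snapshot=$2
    entry_files "$webroot" | while IFS= read -r f; do
        rel=${f#"$webroot"/}
        if [ ! -f "$snapshot/$rel" ]; then
            status=NEW
        elif cmp -s "$f" "$snapshot/$rel"; then
            status=CLEAN
        else
            status=MODIFIED
        fi
        printf '%s %s %s\n' "$status" "$rel" "$(links_after_html_close "$f")"
    done
}

# Constructed sample tree (not real DreamHost data): a clean root index, a
# blog index with 50 spam links appended after </html>, a new file with no
# snapshot copy, and a snapshot holding the clean versions.  Echoes the
# temporary directory that holds "site" and "snap".
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/site/blog" "$r/snap/blog"
    printf '<html><body>home</body></html>\n' > "$r/snap/index.html"
    cp "$r/snap/index.html" "$r/site/index.html"
    printf '<html><body>blog</body></html>\n' > "$r/snap/blog/index.php"
    {
        cat "$r/snap/blog/index.php"
        i=0
        while [ "$i" -lt 50 ]; do
            printf '<a href="http://spam.example/%s">x</a>\n' "$i"
            i=$((i + 1))
        done
    } > "$r/site/blog/index.php"
    printf '<html><body>new</body></html>\n' > "$r/site/blog/home.html"
    echo "$r"
}

# Stand-alone run on the constructed tree.
demo=$(make_sample)
triage "$demo/site" "$demo/snap"
rm -rf "$demo"
```

On a real account you would call `triage` with your site directory and the matching directory inside the snapshot, and `entry_files "$webroot" 21` for the three-week window Caydel suggests. A MODIFIED line with a large link count is the pattern most commenters describe; a MODIFIED line with a zero count still needs a look, since one commenter reports marker code hidden in HTML comments rather than links, and `diff` against the snapshot copy will show it. Only after reviewing the diff should the snapshot copy be copied back over the live file, and the password changes the email asks for come first either way, or the files will just be rewritten.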
- jamesweston, on 10/11/2007, -3/+9
Well, never mind. Anyone hosted by Dreamhost who has been hacked should just restore the last auto backup from /home/username/.snapshot and change their password.
P.S. Dreamhost rocks
- smackhero, on 10/11/2007, -3/+9
They seem to be handling this situation in a very professional manner--keeping users updated about the situation, investigating how it happened, and assessing the damage that was done. How would you have handled the situation? Also, what other panic situations have they suffered recently?
And changing your password is standard practice when an old password has been compromised. And that's clearly not the only measure they're taking. I don't get what you guys are complaining about.
- circusbred, on 10/11/2007, -11/+17
Hostjury.com is garbage. On most host review sites, the reviews are written by the hosting company. XD
- blackjack75, on 10/11/2007, -1/+6
"... I have dreamhost and I didn't get this email, I'm tempted to go and demand a refund and just switch because they aren't secure OR keeping me informed."
I have three different accounts on dreamhost. I received it only for one of them (specifically naming the domain) so I guess they only sent the mail to the 3500 who were concerned.
- dview, on 10/11/2007, -0/+5
I totally agree with you there. Dreamhost's security measures were compromised by an intruder; stating that they leaked passwords deliberately is complete bs.
- Dyogenez, on 10/11/2007, -1/+6
I got 3 of those emails, one for each ftp account I had. Everything was pretty much on one, which had a ton of damage done to it. People are saying it's only index.* files in the home directory but that wasn't my experience. EVERY index.*, main.* or home.* file, regardless of where it was, was modified to have spam links at the bottom (around 70-80k of them in most cases). Dreamhost autoinstalls about 50 wordpress themes, all of which had index.* files that were hacked. Luckily I could just delete the majority of them and only change the theme(s) I wanted to keep. But for custom created sites of mine sometimes the files were edited to add the links with part of the file removed. For some PHP scripts this meant they now threw errors. Luckily Dreamhost does store your backups from 1h/2h/1d/2d/1w ago, so from one of those I was able to get the fixes for the PHP script (I had it locally of course).
Sad thing was that when I discovered the hack on May 30th some of the 1w ago backups already had these hacks. Makes me wonder how long they've had access.
- khyberkitsune, on 10/11/2007, -2/+7
@smackhero
They're keeping people informed? My site got hit by this. I have *YET* to receive an email. It's sad I had to learn of this thru Digg instead of straight from the horse's mouth.
I can't wait until bandwidth in the USA becomes cheap enough to host my own serious server (minimum of a 20 megabit symmetrical connection), then I'll be rid of these hosting sites forever.
- clickwir, on 10/11/2007, -0/+5
To be honest, I've been with several hosts and gotten emails like this on all of them.
Dreamhost so far has been the best.
- z00k, on 10/11/2007, -1/+6
Still not as bad as when T35 got hacked... Over 450,000 usernames and passwords... *sigh*
- Archon810, on 10/11/2007, -10/+14
Jeez, am I glad I switched away from them just a few weeks ago...
- smackhero, on 10/11/2007, -1/+5
FTA:
"Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host - actually had
any changes made to them. Most accounts were untouched"
Good thing they make pretty regular backups.
This looks pretty bad for dreamhost. But this kind of stuff is bound to happen to every web host eventually, especially one that's as big as dreamhost. And to be fair, they do a pretty good job of securing the servers considering how many users run unpatched versions of phpBB or other scripts. And it looks like they're on top of things, but I'll still be keeping an eye on dreamhoststatus.com.
- masterkenobi, on 10/11/2007, -0/+4
It's not hard to crack my password. It's the same one as my luggage.
Oops...
- vibri2001, on 10/11/2007, -1/+5
"These are not the passwords you are looking for...You may go about your business...Move along"
- Lennalf, on 10/11/2007, -0/+4
Yeah, cuz it would be so much better if they censored the sites that they host, instead. Freedom be damned!
- dmobley, on 10/11/2007, -0/+4
While I'm sure this will spark plenty of "dreamhost, more like LOLhost" posts and a lot of hate for Dreamhost in general (which always confuses me and seems to be written by people who want a dedicated, managed server with unlimited restrictions and only pay $10/mo for it)...
They told you there was a problem, rather than just letting you discover the spam links on your site yourself, and have you do a trouble ticket and they claim it's an isolated incident. That's standard procedure for OTHER web hosts for the most part. If your site gets hacked, EVEN if it's through a lack of security on some facet of the hosting provider's end, they'll deny deny deny and wait for you to figure it out yourself, while covering their own end. They won't be forthcoming with any disclosure and probably blame you for having an insecure site setup or a bad password or something that will absolve them of any blame and put it all on your inexperience as a website operator and point you to their TOS that says they're not responsible for hackers in any way at all.
Dreamhost is honest. They had a problem that affected a small number of people and they fixed it AND notified you AND told you what you need to look for and how to solve it. This is miles above what your average value priced host will do for you. Feel free to find out by switching your sites to some other $10/mo or less host and watch when you get the same sort of problems, with less disclosure, less help, and more blame on you whenever anything goes wrong. I've been there, and it's not like Dreamhost is doing anything significantly different on the wrong side from any other cheap host.
You get what you pay for with web hosting, and expecting too much out of a $10/mo host is definitely going to leave you endlessly frustrated. Dreamhost is good for blogs, small personal sites, hosting a website about your business, your hello kitty fansite, and all sorts of non-critical sites are all good. Same goes for any value host. If you're trying to host a serious website where you're conducting business or getting a ton of traffic, you're going to have to start paying for it at some point. If you've been able to get away with whatever you're doing that's super important on a value host, you're probably not as important as you figure and you're really not getting a lot of traffic anyway.