Security Issues

DreamHost Security Issue

A possible security issue has been brought up in the forum at webhostingtalk.com. In some cases it might be possible for other customers on the same server to read files from your web directory and thereby get access to sensitive files including e.g. passwords. Dallas, one of the founders of DreamHost, explains that the issue is minor, and that it’s up to each customer to secure their files appropriately.

Even though DreamHost considers the issue to be minor, they have decided to change the default permissions on user directories. Accounts created within the last three weeks will already have the newer more restrictive permissions. Other accounts will be updated little by little to avoid any undesired side effects.

In case you’re concerned about this issue you can contact support to have the permissions changed immediately.

Hat tip: Greg

WordPress Security Issue

A pretty bad security exploit was included in WordPress 2.1.1. If you have this version installed you’re strongly encouraged to upgrade as soon as possible. If you’re unable to upgrade at the moment, the DreamHost Status Blog has a temporary solution.

3 Responses to “Security Issues”

  1. Pooya Karimian says:

    I had a good experience with Dreamhost regarding the security. I once found an issue which could potentially be very dangerous when combined with upload features of different web apps. I reported that to Dreamhost and they fixed it in a reasonable time and deployed it on all servers. So I am happy in that sense.

  2. mr.rangr says:

    Phew! I’m glad my “sensible” files will be protected. I’m not so worried about the frivolous ones, though.

  3. Unofficial DreamHost Blog says:

    mr.rangr – Corrected! Thanks…