Crazy DreamHost Promo

July 7th, 2007

07-07-07 could be your lucky day. DreamHost is bringing back the promo code that started it all… 777!

Many of you might have heard of the crazy promo DreamHost ran at the 7th birthday two and a half years ago. I assume they have gotten more than 50,000 new customers on this promo and it was indeed the same promo that lured me into signing up with DreamHost.

Now they are running the promo again, but only for today:


Sign up for a year of our “Crazy Domain Insane” package TODAY and use the promo code “777“. You’ll get an INSTANT discount of $110.16 off your bill.. leaving you at just $9.24.. 77 cents a month!

The Fine Print:

  • This offer is for new customers only – those who do not have an active account with DreamHost.
  • If you sign up and forget to use the “777” promotional code, you WILL NOT receive the sale pricing and boosted allocations. No amount of complaining will change this!
  • Domains and accounts may not be transferred from an existing DreamHost Web Hosting account to a “777” hosting plan.
  • We reserve the right to deny this sale pricing to anyone at our discretion.
  • This offer only applicable to one and two-year prepaid accounts. Monthly accounts are not eligible.
  • This sale will remain in effect until July 7th, 2007.
  • At the end of 12 months, your account will be automatically extended at the current (non-discounted) rate. You will then be asked to pay for your account if you’d like to keep it. If you do not wish to continue at that time, you may close your account via our control panel.
  • No referral credit will be provided to referers of customers who sign up for this promotional sale.

The “Crazy Domain Insane” package gives 146 GB disk storage, 1.46 TB monthly bandwidth and a free domain name. You can host an unlimited number of domains and subdomains. You get PHP4, PHP5, Ruby on Rails, Unix shell access, etc.

More info at

DreamHost Newsletter – July 2007

July 4th, 2007

Time for another newsletter in condensed form:

  1. Winners of the iPhone Contest
    overcelling400 won the iPhone contest. The 2nd and 3rd prizes can be found on the official blog.
  2. iTunes Backup for Mac
    DreamHost customers can now get a free year of Bandwagon (Mac software to back up your iTunes library to your DreamHost account).
  3. Support Attachments
    It’s now possible to include attachments to your support messages. Great if you want to upload screenshots, log files, etc. to your support request.
  4. FTP Hack Explanation
    Latest info about the compromised FTP passwords in the blog. Apparently the main problem was users using FTP (which is an unencrypted protocol) instead of the more secure SFTP protocol. I strongly recommend to take a look at my 3 Tips for Secure Communication.
  5. New Charities
    Public Counsel and Apraxia-KIDS
  6. Vote On Us
    DreamHost is nominated for two Blogger’s Choice Awards in the Best Blogging Host category and the Best Corporate Blog category.
    DreamHost Site of the Month: HorseGirlTV

2½ Hours Left to Participate in the Contest

June 29th, 2007

Last chance if you want to participate in the contest.

Here are my own entries:

Galaxy getting new software
Galaxy getting new software!

Monkeys in the Cage
Monkeys in the Cage

Cardboard computer
DreamHost Power

Win an Apple iPhone

June 28th, 2007


DreamHost is having a contest on their blog where you can win one of the incredible hyped Apple iPhones.

All you have to do is to submit an image that best illustrates the cause for mysterious DreamHost downtime! The cuter the better, the cleverer the better, the cornier the better, the DreamHost logo-ier the better.

The deadline for the comment post is 6pm PDT Friday June 29th, 2007; west-coast iPhone launch moment!

Some of the submissions so far:







Best of luck to everyone participating!

WordPress Upgraded

June 23rd, 2007

WordPress 2.2.1 was released two days ago and is now available as an One-Click install/upgrade in the Control Panel.

This version includes a number of bug fixes and addresses a number of security vulnerabilities and it’s therefore strongly recommended to upgrade as soon as possible.

If you use DreamHost’s One-Click Upgrade please remember to back up your existing installation as the upgrade might overwrite any customized files.

SSL Certificate Renewal

June 22nd, 2007

If you’re using SSL IMAP, POP3 or SMTP (as recommended) you’ll have noticed that DreamHost’s SSL certificate expired today.

DreamHost’s new certificate uses a wildcard subdomain *, so it should now be possible to change your mail servers to to get rid of the “host mis-match” error. This means that you no longer have to use the HOSTS-file hack to avoid the warning message.

DreamHost has also now created a certificate you can install to make DreamHost a Trusted Root Certificate Authority. This implies that your system will automatically trust SSL certificates issues by DreamHost in the future and you will avoid any warnings about the certificate being issued by a untrusted or unknown certificate authority.


Updated: Apparently this type of wildcard certificate doesn’t work with sub-sub-sub-domains in Outlook, Outlook Express and OSX? These users will still have to use the hack to avoid warning messages.

DreamHost FTP Accounts Hacked

June 6th, 2007

Within the last 2 weeks approximately 3,500 DreamHost users have had their FTP account passwords stolen and about 20% of the affected users have had some of their files altered.

The users were notified of this security breach by DreamHost staff today:

From: DreamHost Security Team
Subject: URGENT: FTP Account Security Concerns…

Hello -

This email is regarding a potential security concern related to your
‘XXXX’ FTP account.

We have detected what appears to be the exploit of a number of
accounts belonging to DreamHost customers, and it appears that your
account was one of those affected.

We’re still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of customer
sites using automated scripts (primarily for search engine
optimization purposes).

Our records indicate that only roughly 20% of the accounts accessed -
less than 0.15% of the total accounts that we host – actually had
any changes made to them. Most accounts were untouched.

We ask that you do the following as soon as possible:

  1. Immediately change your FTP password, as well as that of any other accounts that may share the same password. We recommend the use of passwords containing 8 or more random letters and numbers. You may change your FTP password from the web panel (”Users” section, “Manage Users” sub-section).

  2. Review your hosted accounts/sites and ensure that nothing has been uploaded or changed that you did not do yourself. Many of the unauthorized logins did not result in changes at all (the intruder logged in, obtained a directory listing and quickly logged back out) but to be sure you should carefully review the full contents of your account.

Again, only about 20% of the exploited accounts showed any
modifications, and of those the only known changes have been to site
index documents (ie. ‘index.php’, ‘index.html’, etc – though we
recommend looking for other changes as well).

It appears that the same intruder also attempted to gain direct
access to our internal customer information database, but this was
thwarted by protections we have in place to prevent such access.
Similarly, we have seen no indication that the intruder accessed
other customer account services such as email or MySQL databases.

In the last 24 hours we have made numerous significant behind-the-
scenes changes to improve internal security, including the discovery
and patching to prevent a handful of possible exploits.

We will, of course, continue to investigate the source of this
particular security breach and keep customers apprised of what we
find. Once we learn more, we will be sure to post updates as they
become available to our status weblog:

Thank you for your patience. If you have any questions or concerns,
please let us know.

Evidence suggests that the attack has been targeted websites with a high Google PageRank and that the attacker has used his access to add a number of hidden spam links to the bottom of the affected pages in order to increase search engine rankings.

Prominent blogs like mezzoblue (PageRank 8), Crooked Timber (PageRank 7) and Caydel’s SEO Blog (PageRank 6) has been affected.

DreamHost haven’t made public yet how the attacker had gained access to the server, but some users think that the upgrade of WebFTP this afternoon might be related.

Hattip: Jeffrey R.

Updated 16:08: DreamHost has just posted about the security breach at the DreamHost Status Blog.

Updated Thursday 18:49: More info on the status blog. Other web hosts has been attacked as well. Affected users who have not yet changed their passwords will be forced to do so before they will be able to upload anything again.

Updated Friday 17:12: It’s now possible to disallow FTP logins to force users to use SSH and/or SFTP.

Updated Monday 15:17: New blog post about the Web Hosting Break-Ins at the Status Blog.

DreamHost Newsletter – June 2007

June 5th, 2007

The newest DreamHost Newsletter in condensed form: 

  1. Your Own DreamHostStatus Feed
    personalized-rss-feed.gifPersonalized RSS feed with news from The feed only contains news about events regarding your Web, Email or MySQL server. You’ll find the link to your RSS feed in your Account Status.
  2. Power Switcheroo
    Redundant power to 12 more racks.
  3. Tiny Panel Changes
    New login page, faster load times and “Access Privileges” moved to “Users”-tab.
  4. Ruby on Rails Upgraded
    RoR upgraded to 1.2.3 as previously reported.
  5. Vote on Us
    DreamHost nominated to a Bloggers Choice Award.
    DreamHost Site of the Month: Hybercombofinish.

Ruby on Rails upgraded to 1.2.3

May 31st, 2007

As announced two weeks ago a new version of Ruby on Rails has just been rolled out.

DreamHost is now running Rails version 1.2.3 and Ruby version 1.8.5.

This update in mainly a maintenance release making Rails compatible with the newest version of Ruby (1.8.6).

Only two new gems has been added in this update: ruby-debug and tzinfo. ruby-debug is a command line interface for ruby-debug-base (a replacement for drb breakpointer) and tzinfo is a daylight-savings aware timezone library.

The following gems have been upgraded in the same process: actionmailer (1.3.3), actionpack (1.13.3), actionwebservice (1.2.3), activerecord (1.15.3), activesupport (1.4.2), rake (0.7.3).

Lucky Contest Winners

May 16th, 2007

The winner of the When-Will-DreamHost-Pass-500,000-Domains Contest has now been found.

The Big 5-oh-oh-oh-oh-oh!The other DreamHost Blog started to announce the winners of our contest yesterday, but they jumped the gun and didn’t get the details straight, probably because Josh was in a rush not to be scooped again… ;-)

The question wasn’t when DreamHost would announce that they passed 500,000, but which exact day it happened according to WebHosting.Info.

The correct answer was May 13th, 2007!

Nobody had the right answer, but 6 out of the 108 entries were within one day of the correct answer. Keating and Razy was one day early and Kevin Hatfield, Jessica, May and SC was one day late.

iPod ShuffleOut of these six entries Jessica Yu from Calgary, Canada has been drawn as the lucky winner of an iPod Shuffle.

Congrats Jessica. The iPod is on its way…

But that’s not it…

Josh from DreamHost has kindly agreed to sponsor an $80 account credit (the cost of an iPod shuffle) to the five runner-ups: John Keating, Razy, Kevin Hatfield, May, Sze Chuen Tan and to the two who guessed on May 15th, 2007: George Tyshchenko and Matt Skorina. Congrats to all of you!

Finally is just to say thank you too all the participants and to DreamHost for sponsoring the gift certificates.