DreamHost Security Breach

As you may or may not have heard, there was a recent security breach at DreamHost affecting roughly 3,500 accounts (and they were just the ones they admitted to). I don’t know the exact details of the hows and whys, but I do know that the most common ‘side effect’ is that people are finding iframes and dodgy spam links inserted into their index.php and index.htm documents.

You can find more about this at the DreamHost status blog, but I’d recommend taking heed of the following advice even if you’re hosted elsewhere.

  • Change all of your passwords regularly, make them long and make them random. At least 8 characters with both numbers and letters.
  • Keep an eye on your files. I’m not expecting you to have an in-depth knowledge of all of the code in the scripts that you use but I don’t know of any script that randomly inserts spam links into your pages.
  • Upgrade your scripts! Jesus Christ, I cannot repeat this enough. UPGRADE. UPGRADE. UPGRADE.
  • If you can’t tell if your script is secure or not, Google it. How hard is it to type into Google “[script name] secure” or “[script name] exploits”? Not very. I have no sympathy for people who’re using insecure scripts when they already know they’re insecure.
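One way to "keep an eye on your files" without reading every script: record hashes of your index documents while the site is known to be clean, then re-check them and flag any iframe tags. This is an added example, not code from DreamHost or from this post; the function names (`snapshot`, `audit`, `demo`), the inclusion of `index.html` and the sample files are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

INDEX_NAMES = {"index.php", "index.htm", "index.html"}  # index.html is an added assumption
IFRAME_RE = re.compile(rb"<\s*iframe\b[^>]*>", re.IGNORECASE)  # any opening <iframe> tag


def snapshot(web_root):
    """Map each index document under web_root to its SHA-256 digest."""
    digests = {}
    for path in sorted(Path(web_root).rglob("*")):
        if path.is_file() and path.name.lower() in INDEX_NAMES:
            rel = path.relative_to(web_root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def audit(web_root, baseline):
    """Compare current files with a baseline taken when the site was known clean."""
    current = snapshot(web_root)
    report = {"changed": [], "new": [], "missing": [], "iframes": {}}
    for rel, digest in current.items():
        if rel not in baseline:
            report["new"].append(rel)
        elif baseline[rel] != digest:
            report["changed"].append(rel)
        tags = IFRAME_RE.findall((Path(web_root) / rel).read_bytes())
        if tags:  # listed for manual review; an embed you added yourself also shows up
            report["iframes"][rel] = [t.decode("utf-8", "replace") for t in tags]
    report["missing"] = sorted(set(baseline) - set(current))
    return report


def demo():
    """Constructed sample: a clean site, then an index.php with an appended iframe."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "blog").mkdir()
        (Path(root) / "index.php").write_text("<?php echo 'home'; ?>\n")
        (Path(root) / "blog" / "index.htm").write_text("<html><body>blog</body></html>\n")
        baseline = snapshot(root)
        with open(Path(root) / "index.php", "a") as fh:
            fh.write('<iframe src="http://injected.example/" width="0" height="0"></iframe>\n')
        return audit(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere other than the hosting account itself, so that whoever can edit the pages cannot also edit the record you compare them against.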

Like I said, please listen to me even if you don’t use DreamHost. Even I’m paranoid right now and I know what I’m doing… (Usually.)

22 Comments

  1. Ah Jem, you always give good advice. I’ll run down all these checks during my summer, which starts tomorrow :D Always nice to be reminded. I used to have the domain http://www.courture.nu.

  2. You know what would be fun, Jem? Looking at my new plugboard plugin and making sure she’s nice and secure ;)

  3. I was going to order from DH last month, I always heard they were one of the best. So never going with them now.

  4. Great just great. Boy, you sure do know how to ruin my evening, Jem ;) I am hosted by Dreamhost. This is going to take me a while again. Three WordPresses to check plus multiple secret scripts that tell me who is there and what is downloaded. Don’t have to worry about my passwords. They change weekly, I am paranoid about those already. Sounds like fun, eh? This is the first that I have heard that DH was breached. Hmm..maybe I am going to have to look for a new host. Thanks, Jem.

  5. Well, I don’t use Dreamhost, but I do use WordPress. I haven’t upgraded yet. *hangs her head in shame* I have been afraid I would lose stuff (I know that’s what backing up is for). I’m going to have to install different versions of my plugins (what a hassle). I suppose I’ll have to upgrade soon enough anyway.

  6. I have Dreamhost. Thank you for the heads up; looks like I have some checking to do.

  7. Thanks for the heads up Jem! So far the closest to any hacking I’ve got is from spam so fingers crossed I won’t get any problems in the future! *goes checks scripts*

  8. Okay, I just had about 10 minutes where I couldn’t access my site. I was paranoid. I guess my server just had a moment there, everything is back up now. Oh, I so need to upgrade as soon as possible I guess!

  9. Wow, that’s pretty scary. I just recently started the changing of the passwords – up to 15 or more characters – because I’m paranoid after hearing that there are people that will hack your account for money. I need to upgrade a good five or more scripts. I even had fixed up the files but was feeling lazy.

  10. Yes, I’m a complete moronic idiot crybaby! My lack of knowledge in departments I need to know has cost me a small embarrassment twice today. Nothing huge but bad enough. You know… I think I deserve a Pants Award… *sigh*

  11. I’m only running WordPress currently, but mine is so out of date.

  12. I always keep my WordPress updated! When an upgrade is so easy there really isn’t any excuse.

  13. Yes! Give Arien the pants award! But make them some nice sexy lingerie, rather than granny knickers…

  14. Thanks for the good advice – I was hacked a couple of years ago and have done semi regular checks and password changes since then, but I’ve been a bit too relaxed these last few months. I’ve also had a host go down without warning a couple of years before that, so I always back-up my files weekly as well.

  15. I’m not on Dreamhost, but this is a welcome reminder to keep up with general host account-related maintenance. :)

  16. Great! I have a ton of stuff running on my account, now I have to check ALL of it 0.0

  17. YAY. I have 2 sites with Dreamhost. My host has 3 or 4 sites. Her only other hostee has 1 site. :( Now I’m depressed… I will be changing my password. Oh, and Dreamhost has a new layout in the http://ftp... IT SUCKS.

  18. I love the last sentence… specifically the one in parenthesis… Even I’m guilty of one… but then again, I’m always hoping that people won’t find me interesting/important enough to “hit me”. Yeah yeah stupid… then again, I DO upgrade the scripts ^.^

  19. It’s a pity that something like that happens to Dreamhost, which is known as a reliable host. At least they’re being honest about it. I’ve been taking most of your advice, and I’ve been glad that I did. But lots of people are probably too lazy to update. (Time to come up with a new password.)

  20. Well, here’s information for you, it didn’t just happen to Dreamhost, but they are the only ones being vocal about it.

  21. Jem

    08 Jun at 9:53 pm

    ^ Do you have any sources I can publicise, Corinne? :)

  22. Shit, I’m hosted with DreamHost! =( But I haven’t been affected by this spam (thank goodness). My scripts are all up to date, and I have a good password, so that may be the reason. Yippers! =)