All my sites hacked - check yours too!

I don’t know whaether this is a hack or what but one of my sites has been completely wiped. It is/was plain old HTML.

What could have caused this? This site has been hosted here for 3+ years with no incidents. It looks like someone just deleted everything!!

It is possible that you are a victim of the same exploit. Do you have SSH enabled for that user account?


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]

Yes. I was having trouble getting into the Dreamhost Web panel too! I got in with a different user I set up.

Should I just change all my FTP log-ins and reload the site?

If you have SSH access. login to the shell and run the following:last <yourusername>You should see a list of accesses, and if you see any IPs other than your own then you’ve probably been hacked like everyone else. In which case, report the problem to the Abuse Department (abuse.dreamhost.com). Definitely change any passwords you have.


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]

Thanks. It defintely seems like I got nailed by this.

I didn’t get any emails from Dreamhost warning me about the FTP exploit, however. I couldn’t get into the panel today, and then decided to check my sites. Sure enough my oldest and highest ranked site under that user was blammo.

I’d be more upset but I really needed to redesign that site anyway… :wink:

This is a good tip, jessey. I see a lot of logins, but I happen to be one of the lucky ones where nothing got changed. Still very worrisome…

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options

Maybe your password is just too weak. You should post it here so we can analyze it. :stuck_out_tongue:

Or instead of using “password” as your password, you could change it to something uncrackable, like asdf, qwerty, or 1234. :smiley:


:stuck_out_tongue: Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.

I thought “p@ssword” was supposed to be the best one to go for?


si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]

Has anybody checked their stats to see if they are getting an unusual amount of adult website referers. In the past 1 to 2 months the number is gradually increasing on my site. So far I haven’t been hacked (fingers crossed)
Silk

My website

I mentioned referrer log spam in the other thread you replied in. Unless they’re actually linking to you, that’s all that would be.

Some people use .htaccess and block any %{HTTP_REFERER} that contains certain words.

Ex: (porn|cialis|Dreamhost Promo Codes|xanax|etc…) :wink:


:stuck_out_tongue: Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.

It is… but I’m using that one. If only I use it, then it should be a very rare password that no one would ever guess. :stuck_out_tongue:


:stuck_out_tongue: Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.

Yep, thats what I started doing.
Silk

My website