Are Dreamhost Wordpress users at risk?

wordpress

#1

I opened our personal Dreamhost account in late 2004. Initially, we used HTML along with Gallery; my son played around with phpbb until his unlooked-at PHPBB installation was overrun with spam posters. I played with PHP and Mysql, and we decided 4 years ago to go to wordpress.

The kinds of visitors we saw 4 years ago were different from the users we are seeing today. My dreamhost account was also different then; every user had access to each other's files! How convenient! What a hole that is today!

I started a really strange project about 6 weeks ago. Because I was running into memory limitations on one of my dreamhost domains and it took between .5 seconds and 22 seconds to load a home page, I started to wonder if plugins were causing a problem and whether there was a way to eliminate most of the wordpress plugins I was using. I figured I could move some functionality from wordpress plugins to .htaccess. The result was I started processing access logs and error logs (a really cool dreamhost tool!) and I needed to sit down from shock. My ‘home’, if my private domain is like a home, was swarming with people doing crazy things like jimmying the locks and seeing if all the windows were open. For example, on 6 web domains I had 8 unique users make 1396 login attempts in 2 minutes. How about trying to insert code into my php files? Happens. How about probing my website for weakness? Happens every day; all day; all night.

I’ve decided to dust off an old domain and devote it to helping dreamhost users ‘harden’ their site. At a minimum, we live in a new world where we need clear disaster recovery techniques and we need as much protection as we can get. To change the conversation to let’s see what’s happening on MY site, here is a new tool I’ve written.

PHP access log reader tool for wordpress dreamhosters

and here is a blog entry about it:

wplook.php blog entry

This tool will list admins, users by IP address and Domain name, and call out strange commands that I’ve noticed in the last six weeks that are actually happening on YOUR sites.

For wordpress, a compromised database is the worst possible outcome; therefore protecting the password is important. Next, although painful, a compromised site should probably be reinstalled. This is not an issue if you have an uncompromised database. Next, your wordpress site should have no extra stuff: no extra themes, no uninstalled plugins, no historical versions of gallery, phpbb lying around; these are loaded guns.

I will be inviting my friends to help blog at repairitblog.org on their areas of expertise for hardening wordpress on dreamhost. PM me if you have any suggestions.

I believe that if we all stay a few feet in front of the hacking tide, we are not at risk; however, I’m going to ensure that I’m backing up my WP database regularly. As a wise man said, “Believe in God, but row from the rocks.”

:slight_smile:

Bill Kelly


#2

Has anyone tried this solution on Dreamhost? Seems to be similar to your project: http://www.ossec.net/main/