Do not use dreamhost!


I just received an email from DreamHost stating the following:

We were forced to disable your ‘####’ FTP/shell user due to indications
of spam originating from the user. Most likely, one or more of the
scripts under your user was compromised and will need to be secured.

Before we are able to re-enable this user, we will need to make sure
those scripts have been secured.

Please reply back with any questions or concerns so we can assist you

First of all, I have no clue what “scripts” they are talking about.

Second, I am unable to FTP in to “secure” them because my user is disabled.

I now have 30+ websites that are down because of someone most likely jumping the gun.


You were notified that your account is sending spam. Spam is obviously illegal. Paragraph three of the message you received explains that you should contact DreamHost’s support people for guidance on how to address the problem. Do you really believe they simply plucked your account at random out of 300,000 to knock you offline?


you received the same email too!?!?!?!?[hr]

I contacted them 6 times in the past hour.

Would also be cool if they told me what script(s) are sending the spam.

I only have one script that sends email. The email that it sends out is to specific email addresses on a mailing list that people signed up for.


No, I’ve never received any email of that sort. Never said I did, but I do know enough about this business to tell you that they didn’t just pick your account out of a hat. You need to check the script that sends email, obviously. :slight_smile:


I would, if they told me what script they were referring to, and if I could FTP in.

I am unable to though, because my account is disabled.


You said the only script you used was one that sent email. You are being accused of sending spam. Can you not put two and two together?

I suggest you wait for someone to answer you, since you claim to have sent several inquiries.


They disable one user and 30+ sites go down… are all your sites under the same user?

If it’s not just your own e-mail script that is somehow being abused, but instead one or more of your scripts have been compromised as DH suggests could be the case, you’re going to have a hell of time figuring out which scripts they are and where your security leak was. You should also assume that all the sites under that user may now have been compromised and will need checking.

DH can’t tell you which scripts are sending the spam, they only see what server and user the spam comes from. When everything is under one user that doesn’t really help to narrow it down.


If they can’t tell me what script(s) are sending the spam, how will they be able to go in to make sure they have been secured?

“Before we are able to re-enable this user, we will need to make sure
those scripts have been secured.”


To me that looks like a polite use of the word “we”, what it probably means is that you have to make sure they have been secured and then swear that you did clean then up by maybe showing them which ones you’ve cleaned up so that they can verify it. It’s of course clear they can’t be 100% sure that you’ve cleaned them all up, but when they reactivate your user, they’ll see if the spam starts flowing from it again or not.


Without FTP access, how am I supposed to do that again?



Did that over 24 hours ago.

Still have not received a reply back.


You are, I trust, using an email address for your account that is not part of your email at DreamHost, right?


Or just use and check your support page on the panel:

Panel support page:

Your support history:


I replied to the original email that they sent me at 9:00 AM ET on Feb 20, 2012.

That email was sent to my Gmail email address.

When I replied, I received a confirmation email with a reference number.

24 hours passed with no reply, so I submitted a support ticket via the support page within the Dreamhost panel.

After I did that, I received a confirmation email with a reference number.

On my support page within the Dreamhost panel, I have two open support tickets listed.

The first one is 1 day 2 hours old

The second one is 2 hours 39 mins old


Any update?