Hacked - Demand Answers


Ok, I just had, not 1, but 2 websites go down. I coded them myself, I went through security checks, I did everything. They were fine.

I am now missing 2 websites, along with a complete ACCOUNT to Dreamhost. Its gone. POOF. And you know what? Its nothing to do with the passwords for the websites, because it was not even CLOSE.

This is annoying me to no living end. Not one, but two websites hosted by Dreamhost are gone. There is no record of an account that I had paid for in full for a complete year.

-Eric M. Musgrove


What did Dreamhost say when you asked them what happened?

Surely you printed out your order info or saved it in an email, so I don’t see how there’s no record.

:stuck_out_tongue: Save up to $96 at Dreamhost with 96DOLLARSOFF promo code (I get $1).
Or save $97 with TAKESEILERSCASH.


I have not even been able to ask them, as I made a support topic, and then immediately after, I could not log in.

And yes, I still have the information from the registration process in my email.


Since you’ve already been in the support ticket system, you should be able to just send an email to support at dreamhost.com from the email address you used.

Other options would be to contact them with your info through dreamhost.com, or maybe try messaging an employee through this forum. Jeff, Nate and Dallas are with DH–probably more, but I’m not sure who.

:stuck_out_tongue: Save up to $96 at Dreamhost with 96DOLLARSOFF promo code (I get $1).
Or save $97 with TAKESEILERSCASH.


Any developer that feels their code is hack proof or prefect in security deserves to have his site hacked. Sorry, as a developer myself, I felt the need to inform you of this. :wink:

Now that’s past, contact DH. Find out what happened. Simple as that.

I do have to question: Your control panel account is gone, too?! Because it is not connected to your website account (as far as user login), unless you (like a fool /smile) made them the same…And you thought you were security conscious. :slight_smile:

If they were different, and it is still gone, then there’s a higher power working here that you need to figure out.

yerba# rm -rf /etc


"I do have to question: Your control panel account is gone, too?! Because it is not connected to your website account (as far as user login), unless you (like a fool /smile) made them the same…And you thought you were security conscious. :slight_smile:

If they were different, and it is still gone, then there’s a higher power working here that you need to figure out."

I had one password for site A, a different password for site B, a different password for the control panel, and a different password for every specific access each site has to make.

The control panel had no specific link to the actual websites themselves, and yet somebody was still able to access my control panel, change the email it uses, change all the passwords, wipe my subdomains, and who knows what else. I only recieved an email this morning say that my email had been chanced at such and such time (13 hours after it had happened), and that I should reply to it immediately if I did not authorize it. Only thing is, when I replied, my message wasnt delieved, becase MY EMAIL IS NOT IN THE SYSTEM ANYMORE.


Better than me. Ha … I have only three passwords. And my sites (a few of them) use the same password. Had for like 5 years. :slight_smile:

Anyway, sounds like, then, somebody found out the password to your control panel and then proceeded to have their fun with your sites. Your site passwords don’t matter once you gained access to the control panel. As a matter of fact, the user account passwords are given to you in plain text on one of the screens so you’re not forced to change the pwd if you forgot it.

Email DH, at any address you can find. They’ll respond. Don’t expect answers here. They merely browse the forums every so often.

Have you thought about creating another control panel account and using that to get a hold of them? You can have a control panel account w/out any web hosting options.

yerba# rm -rf /etc


While possible, I find it highly unlikely that it was just that, because a site I had worked on previously, which was on a completely different host was hit the day before. It used a completely different password as well.

http://octanegaming.com <— the other host
http://void-design.net <— one on dreamhost

I dont know if this guy is a common issue, or if its being directed at me specifically (as, 3 of my sites, within 2 days, seems pretty odd to be just random)


Three sites in two days? Dude, you’re being targeted. Sorry to say, but somebody’s after you. That’s why you’re having these problems.

As I always tell everybody, once you’re targeted, you’re pretty much screwed. :slight_smile:

As for this being any common issue, I can tell you right now, it is not. I would start looking at other things now, too. Stuff like: Was your password a dictionary word? How did YOU remember it; can a hacker figure that out? Is your username the same as one on the forums? (guice isn’t my login name to my panel or any sites. :wink: ). And so fort.

3 sites in 2 days. Two on DH and one on a completely unrelated host. That’s NOT a coincidence. NOR is this a DH problem, either.

omg … dude. Key loggers man. Scan your computer! You might have a key logger installed somewhere (root kits! blame SonyBMG for making them popular. 0.o ). Turn on a software firewall and log ALL incoming/outgoing packets. Find out if there’s any applications you don’t know about sending out data…Don’t use IE, Outlook or OE. Those APIs can be scripted from a remote app w/out your knowledge. Move to Firefox or even better Opera (nobody has API info on Opera). You’ve been compromised. 0.0

yerba# rm -rf /etc


I can tell you first, none of my passwords are dictionary words. I use a random password generator, all of them anywhere from 10-16 digits long, upper and lower case, alphanumeric. I remember them by using them often, and once I have it memorized, I trash any copies that I may have (all of which are paper only, kept in my room, of whom only my family has access to).

Could a hacker figure it out? No. They have no specific meanings or anything.

Is my username the same as the one of the forums? No.

I don’t have a keylogger, that I know. I am incredibly security aware on my computer, from virus scanner, to software firewall, to hardware firewall (a dedicated smoothwall computer). I never even touch IE, outlook, or OE. I just use Firefox, along with adblock.

My computer itself, I know, has not been compromised. I can view and monitor any and all traffic that goes through my network.


Any domain or subdomain you add is listed in the control panel.

That definitely sounds like an exploit on your end.

With your DH id & PW, they don’t need your site PWs, so it wouldn’t matter if they were different.

That would likely be someone with physical access to the computer(s) you use, a keylogger, or at the very least, someone that had access to your email address and read through your email, piecing it together from there.

If that happened to me, I’d go overboard on cleanup and reformat my computer, change all logins/emails/passwords (related to DH or not), then probably kill anyone that has been within 30 feet of my computer (plus witnesses, of course). :wink:

:stuck_out_tongue: Save up to $96 at Dreamhost with 96DOLLARSOFF promo code (I get $1).
Or save $97 with TAKESEILERSCASH.


Well, then you have to ask yourself, how can somebody figure out your information?

THREE sites in TWO days on DIFFERENT web hosts. So you can rule out this being a problem with the web host. They are targeting you and they found our your information somehow.

yerba# rm -rf /etc


My mistake, I meant to say that the actual websites have no links to the control panel.

For the other part, I am fairly confident that nobody has access to my email, because I change the password weekly, my computer is secure in the basis of physical access (as I said, only my family has access to my room, and even then, they dont have access to my computer), plus I live 30 miles out from the nearest town.

For the basis of a keylogger, I highly doubt that, because I constantly have my computer doing active virus scans, and I have no known enemies or anybody who would actually target me for something like this.

As for the overboard with cleanup…well…I was probably going to be installing Linux again anyways, so I guess its about time. My passwords and all, they have already been changed within about 10 minutes of me finding what was happening. I also think I found out, while it was in progress, because a few of my users commented they could still access the forums, then suddenly they couldnt, while I was going through the website, which had already been compromised, as well as I was able to get my initial support ticket in, but upon going back to check it, as well as change that password, I was not able to get into the account. My main fear, and deepest urging to get into the control panel right now, is that I paid for my account, with my debit card. I am afraid it might of been compromised, so I have contacted my bank to be on the lookout for any charges from it.


Yes, but I have no idea how or WHY. I mean, the other website was not even one that I owned. I just made a template and did coding for it, for payment.


And uploaded, no? So you had their login info stored somewhere.

You sounds like your overly concerned about security. I’m not saying it’s a bad thing! You just seem to do things 10 times more than I do and I have never had a site hacked (aside from a register_globals flaw in phpBB – that was fixed fast).

There is definitely something going on here. At least now you seem calmed down enough (again DH) on this issue. Maybe the other site had some trailing info leading to you?

WHY isn’t really a concern when you’re targeted. HOW is what I’d be worried about. If you cannot figure out HOW, you cannot make sure it doesn’t happen again…

yerba# rm -rf /etc


Your card number is safe. The most they can do is buy more DH services. Just keep an eye out for that. And do like I said above, create a new panel account and get a hold of DH immediately. Request a call back, anything to actually talk to somebody.

DH has backups. They’ll be able to restore your account to a previous day’s state. You just now need to get a hold of DH as well as figure out HOW somebody could have gained all your info.

(PDA? Phone? Bluetooth hack? Wireless network? Look at ALL your electronic devices and figure out all avenues of access.)

yerba# rm -rf /etc


Well, I did upload, but I did not have their login information stored anywhere. I take the security of clients even more seriously then I do mine, for the exact same reasons.

As for something going on, I agree, yet there is not much I can do about it yet. Could you please guide me in how to make a control panel account, without the actual payment part arising, as that is the only way I see.

Also, the how is what confuses me the most. I make sure to safeguard my pages from SQL Injection, because PHP\SQL is what I use most extensively. I make sure that any passwords used are encrypted, any scripts I have are up to date. So, I am completely clueless on what I can do.


oh … interesting. Good point. Dunno that one. I know I have DH accounts that don’t have services tied to them. Don’t know how to setup one independently. Sorry about that. :slight_smile:

I’m heading home, but what I can do is look through the forums for a DH admin so you can PM him. Maybe that’ll help some.

yerba# rm -rf /etc


Stupid form field…

I just typed a great reply and hit CTRL Z to undo a deleted word and it removed the whole message. Some programmers are just concerned with their own good, rather than seeing their product through and through. It’s funny, when you make a comment about them, everyone comes to their aid, even though the programmers themselves would agree with you. So, whoever is to blame on this, thanks for writing a forum that wasted my time!

Anyway (hahaha), it is important to remember that these hackers probably have issues with their past, and they crave attention and are selfish enough to cause someone else grief to get it. Insecure, lazy, there are lots of ways to describe these morons. Starving for attention, like the morons who play dress up and spend $50k on a loud as heck motorbikey like Harley Davidsons. The bikes are modified to be loud, it’s like a moronic ape-being with a loud, attention getting rattle. Like a baby, crying for attention, shaking a rattle and freaking out because it wants to be heard / seen. Of course, people are going to jump on the ‘defend the bikers’ band wagon, but you can’t tell me that the loud sound does anything else besides bring attention to the folks riding these bikes. Don’t get me wrong, I appreciate a well built machine, as well I have a couple friends that have Harley’s that just purrrrr. I still laugh when I see these ‘tough guys’ riding in their loud p.o.s. bikeys and they act like, what are you looking at? Well, I’m looking at the big ape like moron who craves attention so much that he needs to shatter other peoples’ ear drums to get it.

Can’t wait for aliens to come to the planet so the economy goes to hell. I realize governments and communities do not want aliens here. Who’s going to purchase cheap walmart crap when they can slap on a set of clothes and smuggle stuff through the galaxy with Chewbacca?

Ok, getting way off subject… so, in regards to this hacking. Sounds like it is something personal to me. Sad, the person that hacked you is probably some snot nosed rich kid whose parents are never around and he needs to do something to be ‘heard or seen’. Do you play online games? Perhaps you kicked someone’s butt online and it upset them. Perhaps you said something that offended someone as well. But this does not sound like a random event to me. One of my customers www.oneofakindantiques.com still ranks well in google. Type ‘antiques’ and we average number 4 of 200 million. I wrote the software that makes the site, on the server(s) I built, as well, take most of the photographs. Anyway, we used to rank approx. no 13 in Yahoo for ‘antiques’. Well, someone decided to take images from our website and put them, for sale even though they’ve been sold, on any and all free classifieds websites they can find. Of course, following up, we get phone calls and emails from the owners of these sites, asking us to stop putting our items online. I think this is part of what led us to be dropped from Yahoo’s search results. Although we are slowly getting back there. When we first got DSL years ago, we were getting hacked left and right, I think someone was targetting us, personally. They were installing a keylogger on our machines and then doing whatever their spineless mind could do. Eventually, we took care of it, though we don’t keep customer info. on the computers, etc. Perhaps they gave up whean all they found was images of old stuff.

Anyway, it is too bad that you can’t invite these turds into an octagon. Would love to break their weakling fingers and fuse them in their ear holes with my xray eyes.

One thing to remember, if someone targeted you, personally, they could write software that would not be picked up by virus scanners, because they ‘code’ is not in their database. There are ways around these things. If you search the goons name on Google, there is only 1 result returned, which is his website, which looks to be registered out of Virginia. I am not sure what language that is on the website, but perhaps you can cross reference that with natives of the language in the town in Virginia where the site is said to be registered. I did a search on Yahoo and there are a lot of results. The first I found was a casino website it looks like the moron hacked. Try contacting that casino to determine what they did and if they could figure out who it is.

Let us know how this works out for you. Best of luck and if I can think of anything that might help, I’ll be sure to post it.

Long post, haha, I type fast, so don’t think I spent all day composing this, ladies…


In many applications, Cntl-Y is “redo”. :slight_smile:
(I do know it works in Firefox)

yerba# rm -rf /etc