My site has not been hacked


So I wake up this morning to find this on my homepage:

Instead of the normal “Sony” topic logo. I look at the source, and sure enough, the img tag still points to /images/topics/sony.gif, which is exactly where it should be pointing to. I figure “oh well some joker got ahold of my FTP password and changed the file.” I quickly send an IM to the other person who has an FTP account on my site, and he of course denies any involvement. He does, however, confirm that the image has been changed as well; its not as though Firefox’s cache somehow got screwed up.

So I FTP into my account, and go to the directory in question. Every thing checks out…when I get down to “sony.gif,” I find that it even has the correct file creation date, and even filesize. “Well those sort of things can be falsified,” I tell myself, so I go ahead and download the file to verify its contents. And what do I find?

The file is correct. Just to be sure, I re-upload the local copy of sony.gif, refresh my homepage, and things are back to normal.

So does anyone know what’s going on here? The img link points to the correct location, and the file was correct. So how the hell did it turn into a picture of some random guy?

Obviously I’ve already changed all FTP passwords, mail passwords, and PostNuke passwords. While your “lol PostNuke” comments are of course welcome, I don’t think this has anything to do with PostNuke.

One thing I’d like to point out is that the image had a relative reference. Rather than "," I had defined the file path as simply “/images/topics/sony.gif.” Do relative paths leave room for security problems, or what? I’m very, very puzzled as to how this happened.

Some users on another board had mentioned it’s probably a problem with the proxy cache. In that case, it’s in DreamHost’s hands, right?