I thought I should bring this to the attention of the Dreamhost community just in case this issue wasn’t confined to my account due to my own negligence (better safe than sorry):
Today I found two instances of a mass emailer in different subdirectories of two of my domains. The actual mailer was named “mass.php,” and judging by the email lists that accompanied it, had not been put into use yet.
Again, I want to make it VERY clear that this security issue may just be that someone got my password and used it to upload the files in question, so this MAY NOT BE A DREAMHOST ISSUE.
To check if you have fallen victim to the same problem, SSH into your account and use the following command:
find . -name mass.php
This will recursively search for any files named “mass.php.” Please let me know if any of you have similar issues.
Good luck, and I hope this was just due to my own stupidity of leaving my password lying around!