Site attacked


#1

I was the victim of a SQL injection attack. I think it ruined my database, so I created a new one and did a fresh install of my forum software. Everything is OK now apart from a missing old database. I have the logs of the attack, I even know WHO was attacking my site/Dreamhost server, and Dreamhost seems to not be concerned about this in any way. Customer service used to be top notch with Dreamhost but it has gone downhill real fast. I am bothered that something like this attack can happen and DH not doing anything about it. Yes, they did a security scan and everything is basically OK, but they still haven’t gotten back to me about the attack or missing database which seems to link to a website that I don’t even own. Anyone else have problems with them and their nonchalant attitude towards site attacks?

Time is ticking for you Dreamhost, want to keep you but things are going bad real fast and can’t see keeping you for my hosting provider much longer.

-EGO-


#2

Not having any problems with their handling of the attacks I had, given site security is my responsibility.
Backing up my site is my responsibility.
Restoring from my backups is my responsibility.
Keeping the servers running is their job.


#3

Agreed


#4

Part of host’s responsibility is to promote clarity by communicating clearly what they consider to be their responsibility and what not.

Dreamhost cloud this issue by providing one-click installs with automatic updates.

(if they still do … I think I read somewhere that they are phasing it out)

~Tom


#5

What do you want DH to do about it? You chose the software which was vulnerable to SQL injection and you chose to use a database. DH didn’t force you to do that, did they? If you don’t want to have a risk of SQL injection, then don’t use database-driven software.

[hr]

If you turn on the help boxes, you’ll see the following for one-click installs:

[quote]Unless you choose our “Simple Installation” mode (only supported by some apps), you are responsible for upgrading your old installations should any critical security holes be discovered! You can update apps installed in “Custom Installation” mode from here by clicking “Manage Installed Applications” below.

We do not provide technical support for this software! For technical support beyond using this page to install applications, contact the software authors at the official sites linked on each application’s popup window.[/quote]

Seems clear to me.


#6

Hi, yes I think that’s clear enough but I am referring to

http://blog.dreamhost.com/2009/09/06/update-your-wordpress/

where they said, (my bold added)

[quote]We provide a one-click installer and upgrader for WordPress (and several other popular web applications) making it as simple as clicking a button in our web panel. We even let you request that we email you whenever a new release is available so you don’t have to keep track of it yourself.

If that is still too much effort and you are willing to give up some flexibility, we also provide what we call an easy one-click installer, which is really just a fully managed and hosted version of WordPress that we update and maintain for you. Even better, you can get this service from us absolutely free from DreamHost Apps (which also includes a bunch of other popular web apps for the same $0 price tag).[/quote]

That is 2.5 years old so there is room for them to have a different policy now, but my questions are:

(1) have they clearly withdrawn that offer?
(2) how did they notify their customers that the offer is withdrawn?

~Tom


#7

I think both questions are clearly answered by noting that there are no one-click install buttons on the panel anymore.


#8

But that is not good enough, it only covers the case of new customers.

I, for example, installed some of those managed applications, some years ago, to try them out, decided they all looked horrible, and simply walked away.

Should I have deleted them?

I don’t know. Arguably yes, arguably no.

(Of course, now I’ve deleted them all. But that’s only because I read this forum.)

Did Dreamhost send me notification that they were stopping maintaining those apps?

I don’t think so. Maybe they did and it went into my spam folder (which in itself is a major problem that the industry is not properly addressing, in my opinion).

I suspect that they never sent notification.

~Tom


#9

[quote=“tomtavoy, post:8, topic:57575”]
But that is not good enough[/quote]

For some reason, I knew you would say that.