Website Security - Lost Access to my site!


#1

Hello,

I am running a simple website to display my portfolio and I recently noticed I was getting a lot of bad websites referring my website. A couple weeks after I noticed there is now a password required to access my /stats page and I cannot figure out what my password or username is.

I’m guessing the simplest answer is to find out what the pass/username is, but I have a strange feeling I’ve lost control due to one of these referral web pages.

Here is the website.

www.NathanJohns.info

I’m fairly new so any advice will help.

Thanks
Nathan


#2

Stats is usually set in the DreamHost panel:
https://panel.dreamhost.com/index.cgi?tree=status.stats&

But with so many suspicious referrers, you may have unauthorized files on your server. FTP in and look for any files that aren’t yours. Your stats report usually lists the most hit pages on your site, so again, look for stuff that’s not yours.


#3

There were some recent emergency changes to logs due to a security vulnerability. Have a look here http://discussion.dreamhost.com/thread-130819.html and see if it helps.


#4

Thanks guys, that helped shed some light into the problem. I logged into my Dreamhost panel to find there were no active users and I had to create one. After creating a new user and password I accessed my stats page by typing in the new user information and success, I was back viewing my page history.

I see now also the referral report has stopped referencing sex websites which is good. The only odd reference is 194 requests from domaincrawler…

And if I may, a quick question… I bought dreamhost services but am not sure on the services I have access to.

If I have another domain name registered, can I host it with Dreamhost at no charge? Essentially I want to host another domain.

Ex. www.nathanjohns.info and www.anotherwebsite.com under the same dreamhost account with no charge.

Is there a limit to the number of domains i host?

Thanks

Nate


#5

it’s unlimited. if you register your domain elsewhere, just point the domain to DH’s nameservers.