Zuma hack and awstats


#1

As a victim of last night’s attack, I just got done reading the release about the hacking. Am I to believe that this was done through a hole in AwStats? I read the part about “update your scripts!”, but to my knowledge, I never installed, ran, or used AwStats on the domain that was hit.

Also, since this hit the one weekend where I was without my home PC (and all the files and FTP software I work with), is there quick and easy way I can get that obnoxious simien crap off my site without having to download anything? (I only have access to a work computer until at least tomorrow morning.)

Thanks for the help!

have you met tony?


#2

I just found this announcement. It should help with getting your files back:

Unfortunately your machine, zuma, was hacked very late last night. We moved zuma to clean
new hardware and patched the exploit that was used (the initial exploit was for Awstats, which
we announced about three days ago…upgrade your scripts!)

We’ve also upgraded all of our other machines, so they’re not vulnerable.

It appears that a few people’s sites had their index.html files overwritten by the hackers. If this
happened to you, you can quickly and easily restore from our backups by following this KBase
article:

https://panel.dreamhost.com/kbase/index.cgi?area=2585


#3

P.S. You can use Dreamhost’s control panel to ftp to your site. Use the “Domain” tab and then the “Manage” tab.


#4

Cool! I knew there had to be a generic FTP setup in there somewhere, didn’t know where to find it! I still don’t have my site completely, but I got rid of that other crap!

have you met tony?