Sites hacked
02-23-2012, 04:59 AM
Post: #21
RE: Sites hacked
(02-23-2012 04:34 AM)jordi Wrote:  No disrespect intended, but I find it hardly convincing. In my case it was not specific sites with specific software that were affected, but a generic issue with all the sites at once, and widely different kinds of software. But, hey.

Don't believe what you don't want, but the cause can't be generic to all Dreamhost customers otherwise we'd all be affected and plenty of us are clearly not.

It could be generic to all *your* sites, but I don't know your specifics (and wouldn't have the time to look into it). I'd suspect there is something that all your sites have in common which made this possible to happen to you. Maybe you should hire someone specialized in this stuff to take a good look at everything you have and help you find the cause and prevent this in the future.

Otto - 7is7.com | Dreamhost VPS Manager | Dreamhost Promo Codes
02-23-2012, 11:19 AM
Post: #22
RE: Sites hacked
Our Security team has observed that it is often the case that, when a single site is compromised, the scripts that are uploaded to it end up modifying everything "within reach". If you have multiple sites hosted under the same user, those sites will frequently end up being modified as well.

With this in mind, it may be a good idea for you (jordi) to have at least two separate users — one for the WordPress sites, and one for your custom CMS. That way, an issue with one piece of software cannot affect sites running the other one.
02-23-2012, 12:36 PM (This post was last modified: 02-23-2012 12:41 PM by jordi.)
Post: #23
RE: Sites hacked
(02-23-2012 11:19 AM)andrewf Wrote:  With this in mind, it may be a good idea for you (jordi) to have at least two separate users ... That way, an issue with one piece of software cannot affect sites running the other one.

Thank you for the tip, Andrew, but this is not the case, as these sites already run under different users (not one for each, though). Frankly, the only thing I can think of so far that they "all" have in common is that they are in the same server.

But thanks anyway.
02-23-2012, 02:29 PM
Post: #24
RE: Sites hacked
This same thing hit me last week (.logs file with the sites and altered every php file). I assumed it had something to do with Gallery (http://gallery.menalto.com), as the only two sites on my account that it hit had Gallery installed (2.3.1, which is the most updated version of 2, but 3 is out). I caught it fairly quickly, same day it happened, and restored from backups, and am in the process of upgrading to Gallery 3 (it's been off and on five days to load 11,000 images).

Today I realized that a few other sites on my account got hit: one of the original sites, and three others. One running WordPress, one is just a static page with a YouTube link, and the other is just random code for a game I started writing and never finished.

I'm really curious as to how this is spreading, because I can't seem to stop it.
02-23-2012, 03:14 PM
Post: #25
RE: Sites hacked
OK, here is my story, for what it is worth. I have 3 Dreamhost accounts (2 shared and 1 vp), a Hostgator account and a Firehost account. I have been with Dreamhost since 2009 and it has been a fairly good experience until the last 6 months. If you have other servers and work in them daily like I do, you notice small things. Dreamhost is by far the slowest of the 3, with Firehost being by far faster, but recently it has gotten worse. Dreamhost must be getting too popular and slowing down because of traffic or something.

Of my 3 Dreamhost accounts only 1 got hacked. On that one account EVERY domain got hit. WordPress sites, non-WordPress sites and basic PHP sites. If there was a php file extension anywhere, it got hit. Also, files were added with people's names for titles: lindakicker.php, borishaslov.php, etc. The name files were added to root folders as well as image folders. I didn't have one .htaccess file changed. In all, about 12 domains were hit, and each domain had a separate user. I had one basic hand-built PHP site that was hit and it had nothing in it, basic HTML only. It had a separate user, so don't tell me this is a plugin or WordPress issue only. This is either a Dreamhost or a PHP issue. Even if it is a PHP issue, Dreamhost should have a safeguard against it. Firehost is like Fort Knox and this would have never happened there.

I have asked for my backups and I am still waiting for Dreamhost to supply them. They have turned off chat, and when you create a ticket they respond with "it's your fault, look at all your outdated files". I asked to have ziparchive turned on for a few domains and their response was a wiki page for me to do it myself. I am very sad to say that after these many years I am beginning the migration process. I know these things happen in life and I can overlook them, but the way you handle them determines the future of your company. Maybe, Dreamhost, if you would help your customers fix this problem or give them friendly advice and pretend to be on the same team, we would not be leaving in droves.
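
A read-only way to enumerate the changes described in posts #24 and #25 (altered PHP files, added PHP files such as the ones found in image folders, and a .logs file), given a restored known-good backup. This is an added example, not part of any post in this thread; the function name triage_webroot and its two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: compare a live web root with a known-good backup copy.
# Prints one tab-separated line per finding:
#   NEW      PHP file present in the live tree but absent from the backup
#   CHANGED  PHP file whose bytes differ from the backup copy
#   DOTLOGS  file named ".logs" anywhere under the live tree
# Nothing is modified or deleted; review the list before restoring.
triage_webroot() (
    # Subshell body keeps these variables out of the caller's shell.
    live=${1%/}
    backup=${2%/}
    [ -d "$live" ] && [ -d "$backup" ] || {
        echo "usage: triage_webroot LIVE_DIR BACKUP_DIR" >&2
        return 2
    }
    {
        # Every live PHP file is checked against the same relative
        # path in the backup; cmp -s compares content, not timestamps,
        # so a rewritten file with a forged mtime is still reported.
        find "$live" -type f -name '*.php' -exec sh -c '
            live=$1; backup=$2; shift 2
            for f do
                rel=${f#"$live"/}
                if [ ! -e "$backup/$rel" ]; then
                    printf "NEW\t%s\n" "$rel"
                elif ! cmp -s "$f" "$backup/$rel"; then
                    printf "CHANGED\t%s\n" "$rel"
                fi
            done' sh "$live" "$backup" {} +

        # Dropped marker file of the kind mentioned in post #24.
        find "$live" -type f -name '.logs' -exec sh -c '
            live=$1; shift
            for f do printf "DOTLOGS\t%s\n" "${f#"$live"/}"; done
        ' sh "$live" {} +
    } | sort
)
```

Run it once per user, since each user's home is a separate tree, for example: triage_webroot ~/example.com ~/restore-tmp/example.com (both paths are placeholders).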
02-23-2012, 03:20 PM
Post: #26
RE: Sites hacked
The backup feature in the panel is either broken or delayed; restored backups from it the first time around (I have local backups, but with DSL it would've taken a day or so to restore that way, so I just had DH dump the latest backup in a temp folder, checked it for accuracy and made it live). Today I requested a backup on three sites and nothing all day. Uploading a backup of one of the sites; should be done in a few hours.
02-23-2012, 03:24 PM
Post: #27
RE: Sites hacked
(02-23-2012 03:20 PM)joedel263 Wrote:  The backup feature in the panel is either broken or delayed; restored backups from it the first time around (I have local backups, but with DSL it would've taken a day or so to restore that way, so I just had DH dump the latest backup in a temp folder, checked it for accuracy and made it live). Today I requested a backup on three sites and nothing all day. Uploading a backup of one of the sites; should be done in a few hours.

I asked for it 2 days ago and still nothing. I have a feeling this thing is a lot bigger than they are letting on, and that is why they are quiet right now with chat turned off. Please, Dreamhost, let us know the truth.
02-23-2012, 04:32 PM
Post: #28
RE: Sites hacked
Thanks for the info re. the logs.

A week after cleanup, I’m still having issues with my server.

Any new files or folders I create have permissions set to 000, and when I subsequently try to move or delete folders (after setting permissions to 644 or similar), I get a 'remote chmod failed' or a 'could not upload' error.

Any ideas how to fix this?

I’m not interested in apportioning blame to Dreamhost, just getting my web space up and running again, but it’s weird that this happens 2 weeks after a Dreamhost account breach, and to so many people. All of my WP installations were pretty recent (updated in last 3 months), and I barely use plugins.
02-23-2012, 09:33 PM
Post: #29
RE: Sites hacked
OK guys, this script works like a charm. Go to this site http://www.php-beginners.com/solve-wordp...k-fix.html scroll down and download the first version, cleaner-cli_2.4.php.
Upload it to your domain's root folder (.com one), then navigate to it from your browser and hit return. Give it about 3 min or more to run, then it will output all the files it cleaned up. I have used it 8 times now and it has worked perfectly every time. I hope this helps people like it did for me. Saved me hours.
02-23-2012, 10:34 PM
Post: #30
RE: Sites hacked
(02-23-2012 09:33 PM)Arrowoods Wrote:  OK guys, this script works like a charm. Go to this site http://www.php-beginners.com/solve-wordp...k-fix.html scroll down and download the first version, cleaner-cli_2.4.php.
Upload it to your domain's root folder (.com one), then navigate to it from your browser and hit return. Give it about 3 min or more to run, then it will output all the files it cleaned up. I have used it 8 times now and it has worked perfectly every time. I hope this helps people like it did for me. Saved me hours.

Thanks for this :) Besides running the script, is there anything else I need to do? All my sites (2 different users) have been affected.