Current time: 04-24-2014, 06:33 AM Hello There, Guest! (LoginRegister)

zomg DH h4x'd me!!! (rant)
03-04-2012, 03:04 PM
Post: #1
zomg DH h4x'd me!!! (rant)
#!/bin/rant

The amount of misinformation, disinformation, and extremely bad advice contained within this thread is absurd. The vast majority of posts contained within will not solve anything. The few users (notably all long time Dreamhosters) that have offered sound advice and real solutions that actually will help their fellow Dreamhosters fix and secure their accounts have all but been dismissed into the ether because self-professed gurus who are nothing more than n00bs with access to a keyboard, along with some other random egoists who have no clue whatsoever about what just happened, are more concerned with denying their own responsibility for using scripts that are not secure and seem to think the act of pissing and moaning will aide them in passing the buck on to someone else.

Well, it won't. You installed it. It was your fault.


/rant Smile

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost
Visit this user's website Find all posts by this user
03-04-2012, 03:29 PM
Post: #2
RE: zomg DH h4x'd me!!! (rant)
i decided early on not to chime in on that thread. nothing good would have come of it lol...

http://www.marciesgifts.com
PM for manual CMS(drupal,joomla,etc)/Blog(WP,MT,etc
)/forum(phpbb,smf,etc) install/transfer $75.
$25 Off w/promo code SPRINKLES
Visit this user's website Find all posts by this user
03-04-2012, 04:34 PM
Post: #3
RE: zomg DH h4x'd me!!! (rant)
(03-04-2012 03:04 PM)sXi Wrote:  #!/bin/rant

The amount of misinformation, disinformation, and extremely bad advice contained within this thread is absurd. The vast majority of posts contained within will not solve anything. The few users (notably all long time Dreamhosters) that have offered sound advice and real solutions that actually will help their fellow Dreamhosters fix and secure their accounts have all but been dismissed into the ether because self-professed gurus who are nothing more than n00bs with access to a keyboard, along with some other random egoists who have no clue whatsoever about what just happened, are more concerned with denying their own responsibility for using scripts that are not secure and seem to think the act of pissing and moaning will aide them in passing the buck on to someone else.

Well, it won't. You installed it. It was your fault.


/rant Smile

Although I still consider myself a n00b, I couldn't agree with you more. DH may be responsible for some things, such as the recent password fiasco, but as this thread shows, a careful analysis of an intrusion will almost always show that outdated / insecure / dodgy web-facing software which the webmaster istalled was exploited.

The grey area is, of course, the one-click installs because DH assists in their initial installation, but Concrete5 has it correct when it says that:
Quote:support ends with making sure concrete5 has installed correctly.

<rant>
I think many people who are complaining confuse a web host with a hosted solution. For those who don't know, Dreamhost is a web host. They primarily provide server space. Wordpress.com is an example of a hosted solution. They provide a managed installation of Wordpress and server space. There's a difference, and it's reflected in the price. It's like buying versus leasing. You buy it (Dreamhost) and you may get a limited warranty (help setting up), but if something breaks, especially outside of the warranty period (installation) generally, you are responsible for fixing it. If you lease (Wordpress.com), then you are paying for use of a working product, not the product itself. If it breaks, then you are not getting what you paid for, so the company has to fix it for you.

Dreamhost clouds this issue by offering a certain degree of assistance to get up and running, but they are not a managed hosting solution. If you want to save money by going the DIY route, then you should be prepared to DIY. If you don't have the time, skill, patience, whatever to DIY, then you should pay someone to do it for you. That's how it works IRL. There's no difference in the virtual world.
</rant>
Find all posts by this user
03-04-2012, 08:14 PM
Post: #4
RE: zomg DH h4x'd me!!! (rant)
(03-04-2012 04:34 PM)bobocat Wrote:  Although I still consider myself a n00b...

You were actually one of the (very) few who offered sound advice.


(03-04-2012 04:34 PM)bobocat Wrote:  The grey area is, of course, the one-click installs because DH assists in their initial installation...

There is no grey area. All Panels have automated installation of software sets (Fantastico et al).

The webmaster alone decides whether or not to press the "Install This Can of Worms Now" button.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost
Visit this user's website Find all posts by this user
03-04-2012, 08:23 PM
Post: #5
RE: zomg DH h4x'd me!!! (rant)
(03-04-2012 08:14 PM)sXi Wrote:  There is no grey area. All Panels have automated installation of software sets (Fantastico et al).

The webmaster alone decides whether or not to press the "Install This Can of Worms Now" button.

I agree. I should have said that it creates a grey area in the eyes of the customers, not in terms of liability. For those that don't really understand what they are buying, they may assume they are purchasing a managed hosting service.

I guess the ultimate test would be to pay for an account, install no software, and wait for an attack. If someone manages to exploit Dreamhost's default, html-only, holding page, then you would have cause to blame Dreamhost.

I haven't seen anyone complain about that yet though.
Find all posts by this user
03-04-2012, 08:57 PM
Post: #6
RE: zomg DH h4x'd me!!! (rant)
Mostly people are just lazy, do not read (instructions) and have never heard of doing a search (in this forum or Google or ...)
I am definitely a n00b.
Find all posts by this user
03-04-2012, 10:22 PM
Post: #7
RE: zomg DH h4x'd me!!! (rant)
Yeah, failure to RTFM is the usual suspect and, once done, often solves everything.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost
Visit this user's website Find all posts by this user
03-05-2012, 02:56 AM
Post: #8
RE: zomg DH h4x'd me!!! (rant)
I had to Google what RTFM means. Found it!!
Find all posts by this user
03-05-2012, 03:05 AM
Post: #9
RE: zomg DH h4x'd me!!! (rant)
(03-05-2012 02:56 AM)ronthai Wrote:  I had to Google what RTFM means. Found it!!

Hahaha!

Seriously, though, that's the difference, ronthai. I'm sure you noticed that about 70% of the questions on these forums could be answered by going to Google and spending 30 seconds or so refining the search query. There are those that teach themselves to fish by following the instructions on the box, and those that wait for someone to come and teach them by reading the instructions to them (or actually fishing for them!).
Find all posts by this user
03-05-2012, 04:07 AM
Post: #10
RE: zomg DH h4x'd me!!! (rant)
(03-05-2012 03:05 AM)bobocat Wrote:  Hahaha!

Seriously, though, that's the difference, ronthai. I'm sure you noticed that about 70% of the questions on these forums could be answered by going to Google and spending 30 seconds or so refining the search query. There are those that teach themselves to fish by following the instructions on the box, and those that wait for someone to come and teach them by reading the instructions to them (or actually fishing for them!).

I know bobocat, I check here regular and even sometimes offer some support for the most basic questions. The hard stuff I leave to you guys, because most times I have no idea even what the question means. But it comes all down to spending some time reading and trying and failing and try again. That is how I got my little knowlegde and everyday there is more to learn. If I/we can do it so can they.
Find all posts by this user


Forum Jump: