Hacked FTP passwords?
06-06-2007, 09:29 AM
Post: #11
Anyone who uses the same username/password combination for their accounts as they do for FTP (passed insecurely in plain text) is really, really stupid. Accounts have not been compromised! It is an FTP issue.

DreamHost has (to my knowledge) been investigating this problem since May 24th at the latest, and they have been able to trace activity by looking at their FTP traffic logs. Presumably, this is how they have been able to determine which FTP username/password combos were compromised.

No harm has been done, except to DreamHost's reputation. The exploitation, whatever it was, resulted in some very minor spamming. If nothing else, it has highlighted the importance of regularly changing passwords. Personally, I have begun using SFTP as part of my own efforts to improve security.

--------
si-blog | Keystone Websites
Save $97 on yearly plans with promo code SCJESSEY97
06-06-2007, 09:36 AM
Post: #12
That may be the case - but are you going to tell me none of those 3,500 accounts used the same passwords or that Dreamhost has no responsibility to anyone stupid or lazy enough to use the same password?

It appears I wasn't affected by this attack, but I still felt it necessary to change my passwords. I think all other dreamhost customers would be wise to do the same. If Dreamhost doesn't know how the accounts were compromised, how can they say they know exactly WHICH accounts were? Perhaps the attacker is sitting on another batch of 3,500 accounts.

As a side note, can anyone think of any reason why Dreamhost wouldn't offer me the ability to shut off FTP and Telnet access to my account? I always use SFTP/SSH to connect and do not want these insecure methods available. I would further appreciate the option of locking down access to my SSH account via an RSA key.
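The lock-down asked for in the post above (SSH login by key only, with password logins refused) is a setting on the server side of sshd, which is why a customer on shared hosting cannot switch it on alone. As an added example that is not part of this thread or of DreamHost's setup, the Python below reads an sshd_config and reports whether a harvested password would still be accepted; it follows sshd's rule that the first value seen for a keyword wins, and the two sample configs are constructed.

```python
"""Added example (not code from the thread or from DreamHost): parse an
sshd_config and report whether a harvested password alone would still be
accepted for login.

sshd uses the FIRST value it sees for each keyword, so later duplicates are
ignored; settings inside a ``Match`` block apply only conditionally and are
left out of this global-section check. The sample configs are constructed.
"""
import re

# OpenSSH defaults for the keywords that matter once a password has leaked.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# "Keyword value" or "Keyword=value"; sshd treats both as delimiters.
_LINE = re.compile(r"^([^\s=]+)\s*=?\s*(.+?)\s*$")


def parse_sshd_config(text):
    """Return {keyword_lowercased: first_value} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break  # everything after the first Match block is conditional
        m = _LINE.match(line)
        if m:
            settings.setdefault(m.group(1).lower(), m.group(2))  # first wins
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means key-only authentication."""
    cfg = parse_sshd_config(text)

    def effective(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if effective("passwordauthentication") == "yes":
        findings.append("PasswordAuthentication yes: a stolen password logs in")
    if effective("challengeresponseauthentication") == "yes":
        findings.append("ChallengeResponseAuthentication yes: PAM can still prompt for the password")
    if effective("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication off: key-only login is impossible")
    return findings


# Constructed samples: what a stock file looks like, and the locked-down form.
WEAK_SAMPLE = """\
Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
"""
HARDENED_SAMPLE = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
# the duplicate below is ignored: sshd keeps the first value it saw
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        findings = audit_sshd_config(sample)
        print(name + ":", "OK, key-based login only" if not findings else "")
        for f in findings:
            print("  WEAK  " + f)
```

The weak sample has the password line commented out, so OpenSSH's default of accepting passwords applies, which is the trap this check is meant to catch; the ChallengeResponseAuthentication keyword is included because on a PAM system it can re-open a password prompt even when PasswordAuthentication is off.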
06-06-2007, 11:19 AM
Post: #13
Quote:This should ABSOLUTELY be up at DreamhostStatus.com.
Really? So, is the one host that actually has a public status blog, the only host that should announce these things?

I have never seen a single host as open about things as Dreamhost. But I have seen hosts that announce nothing, hide everything and when they're not doing that, they can be found policing & censoring their forums.

Personally, I'm happy to see they sent the info straight to the affected customers, rather than tell the rest of the world first and possibly cause more problems for those that host here.

You just can't win. If they posted it there, then people would have been complaining that they didn't keep it private to protect their customers and just contact them directly.

And if they did post it there, there would probably be geniuses in the comments section claiming they were hiding stuff by not posting the complete list of user names & passwords that were affected, so customers could conveniently stop by and check the list.

--------------------------------------------------------
Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.
06-06-2007, 11:49 AM
Post: #14
Checking back in and I see that scjessey has written again on this thread and started another (or two) but no explicit answer for me?

So, for those of you monitoring this thread and seeking advice, let me suggest that the implied answer here is to indeed change your passwords, whether you got an email notice from DH or not. And as someone somewhere pointed out, there's a very good argument for changing your MySQL passwords too. In other words, your account may have been compromised WITHOUT file modification, but any clear-text password info may have been harvested (like in many config files with DB connect info).

As so many are taking the time to point out (and contributing nothing in my opinion, since this shows up in every DH oops thread), cheap hosting has consequences.

Unless DH or someone with solid info comes forward, it seems changing all passwords (again, including MySQL, svn, etc.) would be wise... if a little painful.

--
jt
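The practical point in the post above is that even with no file modification, whatever credentials sat in plain text under the account (database passwords in config files, for instance) have to be treated as exposed and rotated. As an added example that is not part of this thread, the Python below walks a site's document root and lists which config files hold credentials and on which lines, without ever printing the values, so its output doubles as the rotation checklist. The file suffixes, the assignment patterns and the sample tree are all constructed assumptions; extend the pattern list for your own stack.

```python
"""Added example, not code from the thread or from DreamHost: inventory the
config files under a document root that carry clear-text database credentials,
so each one lands on the post-incident rotation list. Only file, line and the
kind of match are reported; the secret itself is never captured or printed.
The suffix list, patterns and sample tree are constructed assumptions.
"""
import os
import re
import tempfile

# (label, regex): each regex stops at the opening quote or first value
# character, so the credential value is not part of the match.
CRED_PATTERNS = [
    ("php define()",   re.compile(r"""define\s*\(\s*['"]\w*(PASS|PASSWORD|PWD)['"]""", re.I)),
    ("php variable",   re.compile(r"""\$\w*(pass|password|pwd)\w*\s*=\s*['"]""", re.I)),
    ("ini/yaml key",   re.compile(r"""^\s*\w*(pass|password|pwd)\w*\s*[=:]\s*\S""", re.I)),
    ("connection URL", re.compile(r"""\b\w+://[^:@\s/]+:[^@\s/]+@""", re.I)),
]
CONFIG_SUFFIXES = (".php", ".inc", ".ini", ".cnf", ".conf", ".yml", ".yaml", ".env")


def scan_text(text):
    """Return [(line_number, label), ...] for lines that look like stored credentials."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for label, rx in CRED_PATTERNS:
            if rx.search(line):
                hits.append((n, label))
                break  # one hit per line is enough for a checklist
    return hits


def scan_tree(root):
    """Walk root and return {relative_path: hits} for config-like files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CONFIG_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip, the walk must finish
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


# Constructed sample tree standing in for a hosted site's document root.
SAMPLE_FILES = {
    "wp-config.php": "<?php\ndefine('DB_NAME', 'blog');\ndefine('DB_USER', 'blog');\ndefine('DB_PASSWORD', 'hunter2');\n",
    "lib/settings.inc": "<?php\n$dbpass = 's3cret';\n$dbhost = 'localhost';\n",
    ".my.cnf": "[client]\nuser=blog\npassword=hunter2\n",
    "config/database.yml": "production:\n  url: mysql://blog:hunter2@localhost/blog\n",
    "index.php": "<?php echo 'hello';\n",
}


def build_sample_tree():
    """Write SAMPLE_FILES into a fresh temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="credscan-")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, hits in sorted(scan_tree(build_sample_tree()).items()):
        where = ", ".join("line %d (%s)" % (n, label) for n, label in hits)
        print("ROTATE  %s: %s" % (path, where))
```

Run against a real document root by replacing `build_sample_tree()` with the directory path; the output names four of the five sample files (index.php holds no credential) and says nothing about the values, which is the point when the list may end up in a ticket or an email.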
06-06-2007, 11:53 AM
Post: #15
I think it is up on the status board now.

Not explicitly stated as being related, but an upgrade without prior notice?

I can't blame DH for not putting out a lot of info.

Should they have put out on the panel:

Severity: Low
Our site is not secure...

Update: We now know it is related to WebFTP. We are evaluating the exact problem and will post more info as it becomes available.

Update2: We have identified a fix and are scheduling an upgrade for 2 AM Saturday night.

On a serious note, as soon as the fix is in, I am changing all of my passwords. All should consider doing the same, even if they are already changed.

And if it is related, I would appreciate DH letting us all know when the vulnerability is (believed) closed.

Regards,
Rudy
06-06-2007, 11:55 AM
Post: #16
Good Points, jt! As for your request:
Quote:Now, rlparker, you tell us there have been "several" threads on these forums around this topic? I don't doubt you here, but could you be so kind as to point them out?
Well, "several" may have been the wrong word to use; it certainly *seemed* like several to me, with as many posts as there were in the following two threads:

All my sites are hacked
Files Appended

There was another, but I don't think it was related to this. I'm probably also guilty of thinking it was discussed more here as a result of me seeing so much of it on the IRC channel.

I apologize if "several" was misleading; my point was that DH had not made an effort to keep anything *secret* about it.

--rlparker
06-06-2007, 11:59 AM
Post: #17
Quote:indeed change your passwords.
This is something that's supposed to be done on a regular basis anyway--even when there aren't problems.

06-06-2007, 12:08 PM
Post: #18
It's always humorous to me to see responses to people who criticize Dreamhost. Me pointing out that DH should post a notice on the Status blog because it's wise for ALL users to change their passwords was not a direct attack on Dreamhost. I was not telling everyone to go get a new host. I was simply pointing out what I believed to be in error in their handling of this incident.

Yet all I get is "only stupid people do x." "You should be doing that on a regular basis anyway", etc. I wasn't aware this was a fan forum...
06-06-2007, 12:49 PM
Post: #19
Quote:It's always humorous to me to see responses to people who criticize Dreamhost.
It's always humorous to me to see responses to people who disagree with people who criticize Dreamhost.

Does that sentence sound as stupid when the other side uses it? Big shocker that someone might disagree with you on a forum full of people that pay to be here.

And if you paid attention, you'd probably notice that if someone posted that Dreamhost is 100% perfect, they'd get called out for it as well.

The best thing they could have done is directly notify the people that were affected before announcing anything.

What part of that is so hard to understand?

Quote:Yet all I get is "only stupid people do x." "You should be doing that on a regular basis anyway", etc. I wasn't aware this was a fan forum...
Yeah, it's a fan site. Any site that promotes common sense is clearly a fan site.

You SHOULD be changing your passwords on a regular basis anyway, regardless of whether or not there's a problem. You SHOULDN'T use the same PW for everything. These very simple facts existed long before Dreamhost.

I guess if you haven't had a car stolen yet, you don't know that it's a bad idea to leave the doors open and the key in the ignition when you park it, right?

06-06-2007, 12:57 PM
Post: #20
Moving on...

As I and others suspected, Dreamhost has failed to notify at least 1 customer that their account was compromised. So maybe you guys can now concede that a status message/email to all customers asking them to change their passwords is in order?

http://crookedtimber.org/2007/06/06/spam-again/