{"id":59,"date":"2007-06-05T22:39:07","date_gmt":"2007-06-06T05:39:07","guid":{"rendered":"http:\/\/wahlers.com.br\/claus\/blog\/nightmarehost\/"},"modified":"2007-06-05T22:43:25","modified_gmt":"2007-06-06T05:43:25","slug":"nightmarehost","status":"publish","type":"post","link":"http:\/\/wahlers.com.br\/claus\/blog\/nightmarehost\/","title":{"rendered":"NightmareHost"},"content":{"rendered":"<blockquote>\n<pre style=\"font-family: Arial,sans-serif; font-color: #222;\">Hello -\r\n\r\nThis email is regarding a potential security concern related to your\r\n'xxxxxx' FTP account.\r\n\r\nWe have detected what appears to be the exploit of a number of\r\naccounts belonging to DreamHost customers, and it appears that your\r\naccount was one of those affected.\r\n\r\nWe're still working to determine how this occurred, but it appears\r\nthat a 3rd party found a way to obtain the password information\r\nassociated with approximately 3,500 separate FTP accounts and has\r\nused that information to append data to the index files of customer\r\nsites using automated scripts (primarily for search engine\r\noptimization purposes).\r\n\r\nOur records indicate that only roughly 20% of the accounts accessed -\r\nless than 0.15% of the total accounts that we host - actually had\r\nany changes made to them. Most accounts were untouched.\r\n\r\nWe ask that you do the following as soon as possible:\r\n\r\n1. Immediately change your FTP password, as well as that of any other\r\naccounts that may share the same password. We recommend the use of\r\npasswords containing 8 or more random letters and numbers. You may\r\nchange your FTP password from the web panel (\"Users\" section, \"Manage\r\nUsers\" sub-section).\r\n\r\n2. Review your hosted accounts\/sites and ensure that nothing has been\r\nuploaded or changed that you did not do yourself. Many of the\r\nunauthorized logins did not result in changes at all (the intruder\r\nlogged in, obtained a directory listing and quickly logged back out)\r\nbut to be sure you should carefully review the full contents of your\r\naccount.\r\n\r\nAgain, only about 20% of the exploited accounts showed any\r\nmodifications, and of those the only known changes have been to site\r\nindex documents (ie. 'index.php', 'index.html', etc - though we\r\nrecommend looking for other changes as well).\r\n\r\nIt appears that the same intruder also attempted to gain direct\r\naccess to our internal customer information database, but this was\r\nthwarted by protections we have in place to prevent such access.\r\nSimilarly, we have seen no indication that the intruder accessed\r\nother customer account services such as email or MySQL databases.\r\n\r\nIn the last 24 hours we have made numerous significant behind-the-\r\nscenes changes to improve internal security, including the discovery\r\nand patching to prevent a handful of possible exploits.\r\n\r\nWe will, of course, continue to investigate the source of this\r\nparticular security breach and keep customers apprised of what we\r\nfind. Once we learn more, we will be sure to post updates as they\r\nbecome available to our status weblog:\r\n\r\n      <a href=\"http:\/\/www.dreamhoststatus.com\/\" class=\"moz-txt-link-freetext\">http:\/\/www.dreamhoststatus.com\/<\/a>\r\n\r\nThank you for your patience. If you have any questions or concerns,\r\nplease let us know.\r\n\r\n- DreamHost Security Team<\/pre>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Hello &#8211; This email is regarding a potential security concern related to your &#8216;xxxxxx&#8217; FTP account. We have detected what appears to be the exploit of a number of accounts belonging to DreamHost customers, and it appears that your account &hellip; <a href=\"http:\/\/wahlers.com.br\/claus\/blog\/nightmarehost\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-59","post","type-post","status-publish","format-standard","hentry","category-misc"],"_links":{"self":[{"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/posts\/59","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/comments?post=59"}],"version-history":[{"count":0,"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/posts\/59\/revisions"}],"wp:attachment":[{"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/media?parent=59"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/categories?post=59"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/wahlers.com.br\/claus\/blog\/wp-json\/wp\/v2\/tags?post=59"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}