Massive Dreamhost hack, WordPress not to blame
6th June 2007
On mezzoblue, Dave Shea reports that someone had modified every index.php and index.html file on his site to include spam links at the bottom of the page, hidden inside a <u style="display: none;">
. Dozens of other people in his comments reported the same thing happening to their sites.
At first, it looked like the common thread was WordPress hosted on Dreamhost. Initial commenters were all running WordPress (Dave has it installed for other domains on his hosting account even though he doesn’t use it for mezzoblue itself) and there was a vulnerability in WordPress 2.0.7 which was fixed back in January but would still affect people who hadn’t yet upgraded. I posted a link suggesting that WordPress users in particular should check their sites.
I apologise to the WordPress team for even suggesting that their product had something to do with this. Here’s an e-mail Dreamhost sent out to some of their customers last night:
We have detected what appears to be the exploit of a number of accounts belonging to DreamHost customers, and it appears that your account was one of those affected.
We’re still working to determine how this occurred, but it appears that a 3rd party found a way to obtain the password information associated with approximately 3,500 separate FTP accounts and has used that information to append data to the index files of customer sites using automated scripts (primarily for search engine optimization purposes).
Our records indicate that only roughly 20% of the accounts accessed - less than 0.15% of the total accounts that we host—actually had any changes made to them. Most accounts were untouched.
Scary stuff.
More recent articles
- Weeknotes: Llama 3, AI for Data Journalism, llm-evals and datasette-secrets - 23rd April 2024
- Options for accessing Llama 3 from the terminal using LLM - 22nd April 2024
- AI for Data Journalism: demonstrating what we can do with this stuff right now - 17th April 2024
- Three major LLM releases in 24 hours (plus weeknotes) - 10th April 2024
- Building files-to-prompt entirely using Claude 3 Opus - 8th April 2024
- Running OCR against PDFs and images directly in your browser - 30th March 2024
- llm cmd undo last git commit - a new plugin for LLM - 26th March 2024
- Building and testing C extensions for SQLite with ChatGPT Code Interpreter - 23rd March 2024
- Claude and ChatGPT for ad-hoc sidequests - 22nd March 2024
- Weeknotes: the aftermath of NICAR - 16th March 2024